Improper resource shutdown or release in Linux kernel - CVE-2026-43223
Published: May 7, 2026
Vulnerability identifier: #VU130504
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43223
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in pvr2_send_request_ex() when submitting USB request blocks. A local user can trigger a failure after a write URB has been submitted but before the corresponding read URB is submitted to cause a denial of service.
The issue is triggered when read URB submission fails while the write URB remains active and is later reused.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453
- https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde
- https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5
- https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94
- https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13
- https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7
- https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15
- https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6