{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23082","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.960Z","datePublished":"2026-02-04T16:08:06.731Z","dateUpdated":"2026-05-11T21:59:39.102Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:39.102Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error\n\nIn commit 7352e1d5932a (\"can: gs_usb: gs_usb_receive_bulk_callback(): fix\nURB memory leak\"), the URB was re-anchored before usb_submit_urb() in\ngs_usb_receive_bulk_callback() to prevent a leak of this URB during\ncleanup.\n\nHowever, this patch did not take into account that usb_submit_urb() could\nfail. The URB remains anchored and\nusb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops\ninfinitely since the anchor list never becomes empty.\n\nTo fix the bug, unanchor the URB when an usb_submit_urb() error occurs,\nalso print an info message."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/gs_usb.c"],"versions":[{"version":"9c151898cc259a7784be60ba38664f42ede39b31","lessThan":"da01de754e455e2598a7f1ce4ff2078c4f0ecde1","status":"affected","versionType":"git"},{"version":"ec5ccc2af9e5b045671f3f604b57512feda8bcc5","lessThan":"aa8a8866c533a150be4763bcb27993603bd5426c","status":"affected","versionType":"git"},{"version":"f905bcfa971edb89e398c98957838d8c6381c0c7","lessThan":"ce4352057fc5a986c76ece90801b9755e7c6e56c","status":"affected","versionType":"git"},{"version":"08624b7206ddb9148eeffc2384ebda2c47b6d1e9","lessThan":"c610b550ccc0438d456dfe1df9f4f36254ccaae3","status":"affected","versionType":"git"},{"version":"9f669a38ca70839229b7ba0f851820850a2fe1f7","lessThan":"c3edc14da81a8d8398682f6e4ab819f09f37c0b7","status":"affected","versionType":"git"},{"version":"7352e1d5932a0e777e39fa4b619801191f57e603","lessThan":"79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/can/usb/gs_usb.c"],"versions":[{"version":"6.12.67","lessThan":"6.12.68","status":"affected","versionType":"semver"},{"version":"6.18.7","lessThan":"6.18.8","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.67","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.7","versionEndExcluding":"6.18.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1"},{"url":"https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c"},{"url":"https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c"},{"url":"https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3"},{"url":"https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7"},{"url":"https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7"}],"title":"can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error","x_generator":{"engine":"bippy-1.2.0"}}}}