CVE-2026-23324

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the handling of USB urb (USB Request Block) anchoring within the etas es58x CAN (Controller Area Network) driver. Specifically, the read bulk callback lacked proper anchoring of the urb before submission. This could lead to a memory leak if usb kill anchored urbs() was called before the urb was correctly anchored. The issue occurs when using the anchor pattern for urb submission.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23324

ECHO-8A3C-B340-62D5

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

SUSE-SU-2026:21876-1

SUSE-SU-2026:21877-1

SUSE-SU-2026:21916-1

SUSE-SU-2026:21919-1

SUSE-SU-2026:2217-1

SUSE-SU-2026:2238-1

Affected Products

Linux Kernel

Etas Es58X Can Driver

CVE-2026-23324

Related Identifiers

Affected Products

References · 23