CVE-2026-46103

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A lifetime bookkeeping error exists in the ucan driver within the CAN subsystem. USB drivers bind to USB interfaces, and device managed resources must have their lifetime tied to the interface instead of the parent USB device. Failure to do so can lead to memory leaks when drivers are unbound without the physical disconnection of devices, such as during configuration changes or probe deferral. Specifically, the control message buffer lifetime was not correctly managed, preventing its release upon driver unbind.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.