PT-2026-5540 · Linux+2 · Linux Kernel+2

Vincent Mailhol · Published 2026-01-01 · Updated 2026-06-04 · CVE-2026-23037

CVSS v2.0: 4.0 (Medium)

Vector: AV:A/AC:H/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw exists in the Linux kernel's etas_es58x CAN driver where a partial allocation of RX URBs could lead to a memory leak. When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error. es58x_open() then returns early, skipping the free_urbs cleanup label, so the URBs that were already allocated are leaked. The driver is designed to handle partial URB allocation without issue, so partial allocation should not be considered a fatal error.

Recommendations

Modify the es58x_alloc_rx_urbs() function to return 0 if at least one URB has been allocated, restoring the intended behavior and preventing the leak in es58x_open().
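The leak pattern described above, modelled in user-space C as an added example; it is not the kernel driver's code. The names `alloc_rx_urbs`, `model_open`, `leaked_urbs`, the `partial_ok` switch, the `later_step_fails` parameter and the constant `RX_URBS_MAX` are hypothetical stand-ins, and `malloc` stands in for URB allocation.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define RX_URBS_MAX 5               /* constructed value, not the driver's */
static void *anchor[RX_URBS_MAX];   /* stands in for the RX URB anchor */
static int live_urbs;               /* allocated and not yet freed */

static void free_anchored(void)
{
    for (int i = 0; i < RX_URBS_MAX; i++)
        if (anchor[i]) { free(anchor[i]); anchor[i] = NULL; live_urbs--; }
}

/* budget: allocations that succeed; partial_ok: 0 = flawed, 1 = recommended */
static int alloc_rx_urbs(int budget, int partial_ok)
{
    int i;
    for (i = 0; i < RX_URBS_MAX && i < budget; i++) {
        anchor[i] = malloc(64);
        if (!anchor[i]) break;
        live_urbs++;
    }
    if (i == 0) return -ENOMEM;     /* nothing usable: a real failure */
    return (i < RX_URBS_MAX && !partial_ok) ? -ENOMEM : 0;
}

/* Models the open path: only failures after allocation reach free_urbs. */
static int model_open(int budget, int partial_ok, int later_step_fails)
{
    int ret = alloc_rx_urbs(budget, partial_ok);
    if (ret) return ret;            /* early return: skips free_urbs */
    if (later_step_fails) { ret = -EIO; goto free_urbs; }
    return 0;
free_urbs:
    free_anchored();
    return ret;
}

/* URBs still allocated after a failed open; a successful open is closed. */
int leaked_urbs(int budget, int partial_ok)
{
    if (model_open(budget, partial_ok, 0) == 0) free_anchored();
    int leaked = live_urbs;
    free_anchored();                /* tidy up so the model can be reused */
    return leaked;
}

int main(void)
{
    printf("flawed: %d leaked, fixed: %d leaked\n", leaked_urbs(3, 0), leaked_urbs(3, 1));
}
```

With three of five allocations succeeding, the flawed return value leaves three buffers allocated after the failed open, while the recommended return value leaves none.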

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2026-03764
CVE-2026-23037
ECHO-BFDC-B6DF-D702
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8162-1
USN-8180-1
USN-8180-2
USN-8180-3
USN-8180-4
USN-8180-5
USN-8180-6
USN-8186-1
USN-8187-1
USN-8188-1
USN-8243-1
USN-8275-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8297-1
USN-8393-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu