PT-2026-6131 · Unknown+4 · Kvaser Usb+4

Published: 2026-01-01 · Updated: 2026-05-22 · CVE-2026-23061

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
Description

The Linux kernel contains a memory leak in the kvaser_usb module. Specifically, the issue occurs within the kvaser_usb_read_bulk_callback() function when handling USB-in transfers. The URBs (USB Request Blocks) are not consistently released, leading to a memory leak. This happens because the USB framework unanchors the URB before the completion callback is executed, and the usb_kill_anchored_urbs() function in kvaser_usb_remove_interfaces() does not release the unanchored URB. The fix involves anchoring the URB in the kvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor. The issue is similar to a previously resolved memory leak in the gs_usb module (commit 7352e1d5932a).
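The leak described above, as a userspace C model added here for illustration (it is not the kvaser_usb driver's code or the upstream patch). `struct urb`, `struct anchor`, `NUM_URBS` and every function are simplified, hypothetical stand-ins, and the model assumes the callback resubmits each URB after processing it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define NUM_URBS 4 /* constructed value, not the driver's URB count */

/* Simplified userspace stand-ins for struct urb and struct usb_anchor. */
struct urb { int id; bool anchored; };
struct anchor { struct urb *slot[NUM_URBS]; };

static void anchor_urb(struct anchor *a, struct urb *u) { a->slot[u->id] = u; u->anchored = true; }
static void unanchor_urb(struct anchor *a, struct urb *u) { a->slot[u->id] = NULL; u->anchored = false; }

/* One USB-in completion: the core unanchors first, then runs the callback. */
static void complete_urb(struct anchor *rx, struct urb *u, bool fixed)
{
    unanchor_urb(rx, u);           /* USB core, before the callback runs */
    if (fixed) anchor_urb(rx, u);  /* the fix: callback re-anchors the URB */
    /* the callback then resubmits the URB (assumed; no I/O in this model) */
}

/* Models usb_kill_anchored_urbs(): releases only URBs still on the anchor. */
static void kill_anchored(struct anchor *a)
{
    for (int i = 0; i < NUM_URBS; i++) { free(a->slot[i]); a->slot[i] = NULL; }
}

/* Returns how many URBs interface removal fails to release. */
int leaked_after_remove(bool fixed, int completions)
{
    struct anchor rx_submitted = { { NULL } };
    struct urb *all[NUM_URBS];
    int leaked = 0;
    for (int i = 0; i < NUM_URBS; i++) {
        all[i] = calloc(1, sizeof(*all[i]));
        if (!all[i]) abort();
        all[i]->id = i;
        anchor_urb(&rx_submitted, all[i]);  /* initial submit path anchors */
    }
    for (int c = 0; c < completions; c++)
        complete_urb(&rx_submitted, all[c % NUM_URBS], fixed);
    for (int i = 0; i < NUM_URBS; i++)      /* off the anchor: removal never sees it */
        if (!all[i]->anchored) { leaked++; free(all[i]); } /* freed only to keep the model clean */
    kill_anchored(&rx_submitted);
    return leaked;
}

int main(void)
{
    printf("leaked before fix: %d, after fix: %d\n", leaked_after_remove(false, 10), leaked_after_remove(true, 10));
    return 0;
}
```

In the unfixed model every URB that has completed at least once is missed at removal, so the leak is bounded by the number of in-flight URBs rather than by traffic volume.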
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2026-23061
ECHO-F553-7FB2-8231
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8162-1
USN-8180-1
USN-8180-2
USN-8180-3
USN-8180-4
USN-8180-5
USN-8180-6
USN-8186-1
USN-8187-1
USN-8188-1
USN-8243-1
USN-8275-1
USN-8278-1
USN-8289-1
USN-8296-1
USN-8297-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Gs Usb
Kvaser Usb