PT-2026-6178 · Linux+2 · Linux Kernel+2

Published

2026-01-01

·

Updated

2026-06-16

·

CVE-2026-23108

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A memory leak exists in the usb 8dev read bulk callback() function within the usb 8dev driver of the Linux kernel. This issue occurs because the USB framework unanchors URBs before the completion function is called, preventing their release during the unlinking process in usb kill anchored urbs(). The fix involves anchoring the URB in usb 8dev read bulk callback() to the priv->rx submitted anchor. This issue is similar to a previously resolved memory leak addressed by commit 7352e1d5932a.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2026-23108
ECHO-158C-A02E-6ED6
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8162-1
USN-8180-1
USN-8180-2
USN-8180-3
USN-8180-4
USN-8180-5
USN-8180-6
USN-8186-1
USN-8187-1
USN-8188-1
USN-8243-1
USN-8275-1
USN-8278-1
USN-8278-2
USN-8289-1
USN-8289-2
USN-8296-1
USN-8296-2
USN-8297-1
USN-8393-1
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu