Description
In the Linux kernel, the following vulnerability has been resolved:

can: etas_es58x: allow partial RX URB allocation to succeed

When es58x_alloc_rx_urbs() fails to allocate the requested number of
URBs but succeeds in allocating some, it returns an error code.
This causes es58x_open() to return early, skipping the cleanup label
'free_urbs', which leads to the anchored URBs being leaked.

As pointed out by maintainer Vincent Mailhol, the driver is designed
to handle partial URB allocation gracefully. Therefore, partial
allocation should not be treated as a fatal error.

Modify es58x_alloc_rx_urbs() to return 0 if at least one URB has been
allocated, restoring the intended behavior and preventing the leak
in es58x_open().
Published: 2026-01-31
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Resource Leak/Denial of Service
Action: Apply patch
AI Analysis

Impact

The Linux kernel driver for the CAN device etas_es58x incorrectly treats partial allocation of USB Request Blocks (URBs) as a fatal error, allowing some URBs to remain allocated when the driver opens its interface. This results in a memory leak that can accumulate over time, potentially exhausting system resources and leading to a denial of service if the kernel runs out of memory for subsequent URB allocations.
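The control flow behind this leak, as an added example rather than code from the kernel or the advisory: a simplified user-space C model in which `struct dev`, the `budget` field and the `patched` switch are constructed for illustration. It compares the allocator's return value before and after the fix when only some of the requested URBs can be allocated.

```c
/* User-space model of the control flow in the description; not the
 * etas_es58x source. struct dev, budget and `patched` are constructed. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#define MAX_URBS 8

struct dev {
    void *anchored[MAX_URBS]; /* stands in for the driver's URB anchor */
    int n_anchored;
    int budget;               /* allocations that succeed before failing */
};

/* patched == 0: any shortfall is an error (behaviour before the fix).
 * patched == 1: an error only when no URB at all was allocated. */
static int alloc_rx_urbs(struct dev *d, int want, int patched)
{
    int i;
    for (i = 0; i < want && d->n_anchored < MAX_URBS; i++) {
        void *urb = d->budget-- > 0 ? malloc(64) : NULL;
        if (!urb)
            break;
        d->anchored[d->n_anchored++] = urb;
    }
    return (patched ? i > 0 : i == want) ? 0 : -ENOMEM;
}

static void free_urbs(struct dev *d)
{
    while (d->n_anchored > 0)
        free(d->anchored[--d->n_anchored]);
}

/* Open path as described: an allocator error returns at once and never
 * reaches free_urbs. Returns how many URBs are left without an owner. */
static int leaked_after_open(int budget, int want, int patched)
{
    struct dev d = { .budget = budget };
    int ret = alloc_rx_urbs(&d, want, patched);
    int leaked = ret ? d.n_anchored : 0; /* failed open: nothing frees them */
    free_urbs(&d); /* models close() on success; otherwise tidies the model */
    return leaked;
}

int main(void)
{
    printf("3 of 5 URBs allocated: %d leaked before the fix, %d after\n",
           leaked_after_open(3, 5, 0), leaked_after_open(3, 5, 1));
    return 0;
}
```

When no URB at all can be allocated, both variants return an error with nothing anchored, so that case does not leak.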

Affected Systems

Linux kernel builds that include the etas_es58x CAN driver are affected. No specific kernel version numbers are listed in the advisory, so all kernels containing the older implementation should be considered vulnerable until the patch is applied.

Risk and Exploitability

The EPSS score of less than 1% indicates a very low probability of exploitation. No exploits are publicly known, and the vulnerability has not been listed in the CISA KEV catalog. Because the issue results in a resource leak that could grow over time, an attacker who can repeatedly trigger the driver’s URB allocation path has the potential to exhaust kernel memory, leading to a denial of service. The severity is therefore primarily limited to systems that repeatedly use the etas_es58x driver or have high‑load USB environments.

Generated by OpenCVE AI on April 18, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify and apply the kernel patch that changes es58x_alloc_rx_urbs() to return success when at least one URB is allocated, preventing the leak.
  • Rebuild and install the updated kernel, ensuring the etas_es58x driver is loaded from the new image.
  • If a newer kernel release is available that includes the fix, upgrade the system to that kernel as an alternative to applying the patch.


Advisories
Source | ID | Title
Debian DLA | DLA-4476-1 | linux-6.1 security update
Debian DSA | DSA-6126-1 | linux security update
Debian DSA | DSA-6127-1 | linux security update
Ubuntu USN | USN-8162-1 | Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN | USN-8180-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8180-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8186-1 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8187-1 | Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN | USN-8188-1 | Linux kernel (HWE) vulnerabilities

History

Sat, 18 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-401

Fri, 06 Feb 2026 16:45:00 +0000


Tue, 03 Feb 2026 00:15:00 +0000


Sat, 31 Jan 2026 12:00:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x_open() to return early, skipping the cleanup label 'free_urbs', which leads to the anchored URBs being leaked. As pointed out by maintainer Vincent Mailhol, the driver is designed to handle partial URB allocation gracefully. Therefore, partial allocation should not be treated as a fatal error. Modify es58x_alloc_rx_urbs() to return 0 if at least one URB has been allocated, restoring the intended behavior and preventing the leak in es58x_open().
Title | | can: etas_es58x: allow partial RX URB allocation to succeed
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:31.963Z

Reserved: 2026-01-13T15:37:45.943Z

Link: CVE-2026-23037

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-01-31T12:16:07.010

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23037

Redhat

Severity :

Public Date: 2026-01-31T00:00:00Z

Links: CVE-2026-23037 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T14:30:02Z

Weaknesses