CVE-2026-23334 - Vulnerability Details

- can: usb: f81604: handle short interrupt urb messages properly

Description

In the Linux kernel, the following vulnerability has been resolved:

can: usb: f81604: handle short interrupt urb messages properly

If an interrupt urb is received that is not the correct length, properly
detect it and don't attempt to treat the data as valid.

Published: 2026-03-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The f81604 CAN driver in the Linux kernel does not validate the length of interrupt USB Request Blocks. When a USB device sends an URB that is shorter than expected, the driver can mistake the incomplete data for a legitimate message. This flaw can lead the kernel to process invalid data, potentially causing a denial of service or other instability. The CVE description explicitly states that the driver now detects short URBs and avoids treating the data as valid. This attack vector is inferred from the requirement for a crafted USB interrupt message, implying local or physical access to the target machine.

Affected Systems

All Linux kernel builds that include the unpatched f81604 driver – for example kernel 6.5, the 7.0 release‑candidate series (RC1 through RC7), and any kernel matching the CPEs listed in the advisory – remain vulnerable until the fix is applied. Systems that compile the driver into the kernel or load it as a module are affected.

Risk and Exploitability

This vulnerability has a moderate CVSS score of 5.5 and an EPSS score of less than 1 %, indicating a low likelihood of exploitation as of the current data. It is not listed in the CISA KEV catalog. Exploitation would require an attacker to deliver a crafted USB interrupt message to a device that uses the f81604 driver. The requirement of local or physical access is inferred from the description.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`88da17436973e463bed59bea79771fb03a21555e`	affected	< 9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0
`88da17436973e463bed59bea79771fb03a21555e`	affected	< c5d69da6c919648838734097861e979677eedcde
`88da17436973e463bed59bea79771fb03a21555e`	affected	< 36ead57443146e6b730ce1f48ca3e9b17e19a3d2
`88da17436973e463bed59bea79771fb03a21555e`	affected	< 66615e6293388f75a56226d1216fd9cfb3d95e05
`88da17436973e463bed59bea79771fb03a21555e`	affected	< 7299b1b39a255f6092ce4ec0b65f66e9d6a357af

Linux

affected

Version	Status	Constraints
`6.5`	affected	—
`0`	unaffected	< 6.5
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.5:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[88da17436973e463bed59bea79771fb03a21555e,9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0)`	affected	code_commit	—
`[88da17436973e463bed59bea79771fb03a21555e,c5d69da6c919648838734097861e979677eedcde)`	affected	code_commit	—
`[88da17436973e463bed59bea79771fb03a21555e,36ead57443146e6b730ce1f48ca3e9b17e19a3d2)`	affected	code_commit	—
`[88da17436973e463bed59bea79771fb03a21555e,66615e6293388f75a56226d1216fd9cfb3d95e05)`	affected	code_commit	—
`[88da17436973e463bed59bea79771fb03a21555e,7299b1b39a255f6092ce4ec0b65f66e9d6a357af)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.5`	affected	generic	—
`[0,6.5)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`7.0-rc3`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that incorporates the f81604 interrupt URB handling fix.
If a kernel upgrade is not immediately possible, unload or disable the f81604 CAN driver to remove the vulnerable code path.
Ensure that any custom USB drivers or modules enforce bounds‑checking on buffer sizes before processing data, mitigating the CWE‑131 flaw.
Restrict USB device usage by configuring device trust filtering or blacklisting the f81604 module, thereby limiting exposure.

Generated by OpenCVE AI on April 29, 2026 at 04:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-6238-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2
https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05
https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af
https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0
https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde
https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23334
https://www.cve.org/CVERecord?id=CVE-2026-23334

History

Thu, 23 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:6.5:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-131
References		https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23334 https://www.cve.org/CVERecord?id=CVE-2026-23334

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.
Title		can: usb: f81604: handle short interrupt urb messages properly
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2 https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05 https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0 https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:24.664Z

Updated: 2026-05-11T22:04:49.994Z

Reserved: 2026-01-13T15:37:45.997Z

Link: CVE-2026-23334

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:30.903

Modified: 2026-04-23T21:13:15.427

Link: CVE-2026-23334

Redhat

Severity :

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23334 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T04:45:03Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object