{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23334", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.997Z", "datePublished": "2026-03-25T10:27:24.664Z", "dateUpdated": "2026-03-25T10:27:24.664Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:24.664Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/f81604.c"], "versions": [{"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "c5d69da6c919648838734097861e979677eedcde", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "36ead57443146e6b730ce1f48ca3e9b17e19a3d2", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "66615e6293388f75a56226d1216fd9cfb3d95e05", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "7299b1b39a255f6092ce4ec0b65f66e9d6a357af", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/f81604.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0"}, {"url": "https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde"}, {"url": "https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2"}, {"url": "https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05"}, {"url": "https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af"}], "title": "can: usb: f81604: handle short interrupt urb messages properly", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid."}], "id": "CVE-2026-23334", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:30.903", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: can: usb: f81604: handle short interrupt urb messages properly", "id": "2451219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451219"}, "csaw": false, "cwe": "CWE-131", "details": ["A flaw was found in the Linux kernel's `can: usb: f81604` module. This vulnerability arises when the system processes Universal Serial Bus (USB) interrupt request blocks (URBs) that are shorter than their expected length. Improper handling of these malformed messages could lead to unexpected system behavior or resource issues, potentially resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23334", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23334\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23334\nhttps://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T12:14:55.464021+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that incorporates the patch for f81604 interrupt URB validation.", "Verify that the kernel reports the updated version number.", "Restart services that use the CAN over USB driver after updating."], "summary": {"action": "Apply patch", "impact": "Potential memory corruption or denial of service via malformed USB interrupt messages"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all Linux kernels that include the f81604 CAN over USB driver before the fix. Only the vendor listed is Linux; no specific kernel release numbers are given. Users should consult their distribution\u2019s changelog or kernel release notes to determine whether the patch is present; kernels released after the corrective commit are safe.", "description_and_impact": "The Linux kernel\u2019s CAN over USB driver for the f81604 device previously accepted an interrupt URB that was shorter than the size expected by the driver and processed the data as though it were valid. This omission could allow an attacker to craft a malformed USB interrupt message that would be misinterpreted, potentially leading to memory corruption, crashes, or denial of service. The patch introduces a validation step that detects short URBs and rejects them, preventing exploitation of this flaw.", "risk_and_exploitability": "No CVSS or EPSS score is published, and the issue is not listed in CISA\u2019s KEV catalog. Exploiting the flaw requires an attacker to send a crafted USB interrupt to the f81604 device, which typically means local or physical access to the USB bus. Because the target is a specific hardware device, the likelihood of widespread exploitation is low unless the device is exposed to untrusted hosts. The risk is therefore moderate to low for most users, but systems that rely on safety\u2011critical CAN traffic should apply the patch promptly."}}}}, "created": "2026-03-25T21:32:19.644625+00:00", "updated": "2026-03-25T21:32:19.644695+00:00", "vendors": [], "weaknesses": ["CWE-20"]}