Description
In the Linux kernel, the following vulnerability has been resolved:

can: usb: f81604: correctly anchor the urb in the read bulk callback

When submitting an urb, that is using the anchor pattern, it needs to be
anchored before submitting it otherwise it could be leaked if
usb_kill_anchored_urbs() is called. This logic is correctly done
elsewhere in the driver, except in the read bulk callback so do that
here also.
Published: 2026-03-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak / Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The Linux kernel driver for the f81604 USB controller failed to anchor URBs (USB Request Blocks) in the read bulk callback before submission. When a URB that uses the anchor pattern is submitted without first being anchored, the kernel could retain a reference to the URB even after usb_kill_anchored_urbs() is called, potentially leaking resources and sensitive data. This flaw represents a reference counting leak (CWE-771) and could lead to memory corruption, unintended disclosure of private data, or a denial-of-service condition if an attacker can force repeated faulty submissions.
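
The anchoring rule from the description, as an added userspace C model (not code from the kernel or the f81604 driver). All `model_*` names are hypothetical stand-ins; the model assumes that a URB is taken off its anchor when it completes, so the callback has to anchor it again before resubmitting, and the unanchor on a failed submit is the usual companion of the pattern rather than something this page states.

```c
/* Userspace model of the USB anchor pattern (constructed; not kernel code). */
#include <stdbool.h>
#include <stddef.h>

struct model_urb { bool in_flight; };
struct model_anchor { struct model_urb *urbs[4]; size_t n; };

static void model_anchor_urb(struct model_urb *u, struct model_anchor *a)
{
    a->urbs[a->n++] = u;
}

static void model_unanchor_urb(struct model_urb *u, struct model_anchor *a)
{
    for (size_t i = 0; i < a->n; i++)
        if (a->urbs[i] == u) { a->urbs[i] = a->urbs[--a->n]; return; }
}

/* Stands in for usb_kill_anchored_urbs(): it only reaches URBs on the anchor. */
static void model_kill_anchored(struct model_anchor *a)
{
    while (a->n)
        a->urbs[--a->n]->in_flight = false;
}

/* Read-bulk completion: the URB comes back unanchored and is resubmitted. */
static int model_read_bulk_callback(struct model_urb *u, struct model_anchor *a,
                                    bool anchor_first, bool submit_fails)
{
    model_unanchor_urb(u, a);         /* assumed: done on completion */
    u->in_flight = false;
    if (anchor_first)
        model_anchor_urb(u, a);       /* the step the callback was missing */
    if (submit_fails) {
        model_unanchor_urb(u, a);     /* error path; no-op if never anchored */
        return -1;
    }
    u->in_flight = true;              /* simulated successful submit */
    return 0;
}

/* Returns how many URBs are still in flight after driver teardown. */
int urbs_left_after_teardown(bool anchor_first, bool submit_fails)
{
    struct model_urb u = { .in_flight = true };
    struct model_anchor a = { .urbs = { &u }, .n = 1 }; /* initial anchored submit */
    model_read_bulk_callback(&u, &a, anchor_first, submit_fails);
    model_kill_anchored(&a);
    return u.in_flight ? 1 : 0;
}
int main(void) { return urbs_left_after_teardown(true, false); }
```

With `anchor_first` false, the resubmitted URB is invisible to the teardown call and stays in flight; with it true, teardown reaches it.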

Affected Systems

This issue is present in the Linux kernel where the f81604 driver is compiled and used. It affects all Linux kernel installations that include this driver and have not been updated with the mitigated source code. Vendor information is listed as Linux:Linux for both CNA and CPE entries. No specific kernel version range is provided in the advisory.

Risk and Exploitability

The exploit probability (EPSS) is reported as less than 1%, and the vulnerability is not listed in CISA's KEV catalog, indicating a low likelihood of exploitation. The attack path requires a USB device that communicates with the f81604 controller and triggers the read bulk operation. Because the flaw requires interaction with specific hardware and kernel code, it is likely limited to local or physical access scenarios. Given the low EPSS score and absence from KEV, the overall risk remains low, but patching is advised to eliminate the reference counting flaw.

Generated by OpenCVE AI on March 26, 2026 at 03:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the fix for CVE-2026-23347.
  • Confirm that the running kernel version implements the corrected URB anchoring in the f81604 read bulk callback.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 00:15:00 +0000


Wed, 25 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.
Title | | can: usb: f81604: correctly anchor the urb in the read bulk callback
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:05:31.015Z

Reserved: 2026-01-13T15:37:45.999Z

Link: CVE-2026-23347

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-25T11:16:32.903

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23347

Redhat

Severity:

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23347 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-26T12:16:10Z

Weaknesses