Impact
The Linux kernel driver for the f81604 USB controller contains a flaw where USB Request Blocks (URBs) that use the anchor pattern are not anchored before submission within the read bulk callback. Because the URB is not anchored, when the kernel function usb_kill_anchored_urbs() is called, the URB may remain referenced and leak kernel memory or kernel data structures. This is a reference‑counting error (CWE‑771) that could expose sensitive kernel information but does not enable arbitrary code execution or memory corruption directly.
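The failure mode described above, as an added userspace C model (not code from the f81604 driver or the kernel). All type and function names are hypothetical stand-ins, and the model assumes the USB core takes a URB off its anchor before invoking the completion callback, so a callback that resubmits has to anchor again.

```c
/* Userspace model, constructed for illustration; not kernel or driver code. */
#include <stddef.h>
struct anchor { struct urb *list[4]; int count; };
struct urb {
    int in_flight;                  /* 1 while the host controller owns it */
    struct anchor *anchor;          /* NULL when not on an anchor list */
    struct anchor *home;            /* anchor the driver tears down later */
    void (*complete)(struct urb *);
};
static void anchor_urb(struct urb *u, struct anchor *a) {
    a->list[a->count++] = u;
    u->anchor = a;
}
static void unanchor_urb(struct urb *u) {
    struct anchor *a = u->anchor;
    for (int i = 0; a && i < a->count; i++)
        if (a->list[i] == u) { a->list[i] = a->list[--a->count]; break; }
    u->anchor = NULL;
}
static int submit_urb(struct urb *u) { u->in_flight = 1; return 0; }
/* Completion path (assumed): the URB leaves its anchor BEFORE the callback. */
static void giveback(struct urb *u) {
    u->in_flight = 0;
    unanchor_urb(u);
    u->complete(u);
}
/* Teardown: only URBs still on the anchor list can be found and cancelled. */
static void kill_anchored_urbs(struct anchor *a) {
    while (a->count) {
        struct urb *u = a->list[0];
        unanchor_urb(u); u->in_flight = 0;
    }
}
/* Flawed callback: resubmits without re-anchoring. */
static void read_cb_flawed(struct urb *u) { submit_urb(u); }
/* Corrected callback: anchor first, drop the anchor if submission fails. */
static void read_cb_fixed(struct urb *u) {
    anchor_urb(u, u->home);
    if (submit_urb(u)) unanchor_urb(u);
}
/* Returns 1 if the URB is still in flight after teardown, i.e. leaked. */
static int leaks_urb(void (*cb)(struct urb *)) {
    struct anchor a = { {0}, 0 };
    struct urb u = { 0, NULL, &a, cb };
    anchor_urb(&u, &a); submit_urb(&u);  /* initial, correctly anchored */
    giveback(&u);            /* one bulk-in completion; callback resubmits */
    kill_anchored_urbs(&a);  /* device close or disconnect */
    return u.in_flight;
}
int main(void) { return !leaks_urb(read_cb_flawed) || leaks_urb(read_cb_fixed); }
```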
Affected Systems
All Linux kernel builds that include the f81604 driver and have not yet received the patch are affected. The advisory lists no specific kernel versions, so any kernel containing the driver is potentially vulnerable until the update is applied.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1%, combined with the absence from CISA’s KEV catalog, suggests a low likelihood of exploitation. The vulnerability requires a USB device that engages the f81604 controller and triggers a read bulk operation; the likely attack vector is a local or physical access scenario, inferred from the fact that the flaw is triggered by USB activity on the target system. While the risk to confidentiality is limited to leaked kernel references, patching is advised to eliminate the reference‑counting issue.