CVE-2026-23324

EUVD-2026-15277
In the Linux kernel, the following vulnerability has been resolved:

can: usb: etas_es58x: correctly anchor the urb in the read bulk callback

When submitting an urb, that is using the anchor pattern, it needs to be
anchored before submitting it otherwise it could be leaked if
usb_kill_anchored_urbs() is called.  This logic is correctly done
elsewhere in the driver, except in the read bulk callback so do that
here also.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-1
fixed
forky
6.19.8-1
fixed
sid
6.19.8-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/18eee279e9b5bff0db1aca9475ae4bc12804f05c
https://git.kernel.org/stable/c/2185ea6e4ebcb61d1224dc7d187c59723cb5ad59
https://git.kernel.org/stable/c/5eaad4f768266f1f17e01232ffe2ef009f8129b7
https://git.kernel.org/stable/c/b878444519fa03a3edd287d1963cf79ef78be2f1
https://git.kernel.org/stable/c/b8f9ca88253574638bcff38900a4c28d570b1919
https://git.kernel.org/stable/c/f6e90c113c92e83fc0963d5e60e16b0e8a268981