CVE-2026-43223

EUVD-2026-27786

06.05.2026, 12:16

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix URB leak in pvr2_send_request_ex

When pvr2_send_request_ex() submits a write URB successfully but fails to
submit the read URB (e.g. returns -ENOMEM), it returns immediately without
waiting for the write URB to complete. Since the driver reuses the same
URB structure, a subsequent call to pvr2_send_request_ex() attempts to
submit the still-active write URB, triggering a 'URB submitted while
active' warning in usb_submit_urb().

Fix this by ensuring the write URB is unlinked and waited upon if the read
URB submission fails.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	2.6.18 ≤ 𝑥 < 5.10.252
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.202
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.165
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.128
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.75
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.16
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.170-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.19.14-1 fixed
sid	7.0.4-1 fixed
trixie	vulnerable
trixie (security)	6.12.86-1 fixed

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht spezifizierte Angriffe durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-06T22:00:00+00:00

References

https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453

https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde

https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5

https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94

https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13

https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7

https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15

https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6