CVE-2026-23021

MEDIUM

Linux Kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources.

References (7)

[Patch] https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34

[Patch] https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e

[Patch] https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6

[Patch] https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba

[Patch] https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452

[Patch] https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54

[Patch] https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (25)

linux/Kernel 3.10.0 - 5.10.248linux

linux/Kernel 5.11.0 - 5.15.198linux

linux/Kernel 5.16.0 - 6.1.161linux

linux/Kernel 6.13.0 - 6.18.6linux

linux/Kernel 6.2.0 - 6.6.121linux

linux/Kernel 6.7.0 - 6.12.66linux

Linux/Linux < 3.10

Linux/Linux 3.10

Linux/Linux 323b34963d113efb566635f43858f40cce01d5f9 - 471dfb97599eec74e0476046b3ef8e7037f27b34

Linux/Linux 323b34963d113efb566635f43858f40cce01d5f9 - 5397ea6d21c35a17707e201a60761bdee00bcc4e

... and 15 more

Published Jan 31, 2026

Tracked Since Feb 18, 2026