Description
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup. However, this patch did not take into account that usb_submit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops infinitely since the anchor list never becomes empty. To fix the bug, unanchor the URB when an usb_submit_urb() error occurs, also print an info message.
References (6)
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
4.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (13)
linux/Kernel
6.12.67 - 6.12.68linux
linux/Kernel
6.18.7 - 6.18.8linux
Linux/Linux
08624b7206ddb9148eeffc2384ebda2c47b6d1e9 - c610b550ccc0438d456dfe1df9f4f36254ccaae3
Linux/Linux
6.12.67 - 6.12.68
Linux/Linux
6.18.7 - 6.18.8
Linux/Linux
7352e1d5932a0e777e39fa4b619801191f57e603 - 79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
Linux/Linux
9c151898cc259a7784be60ba38664f42ede39b31 - da01de754e455e2598a7f1ce4ff2078c4f0ecde1
Linux/Linux
9f669a38ca70839229b7ba0f851820850a2fe1f7 - c3edc14da81a8d8398682f6e4ab819f09f37c0b7
Linux/Linux
ec5ccc2af9e5b045671f3f604b57512feda8bcc5 - aa8a8866c533a150be4763bcb27993603bd5426c
Linux/Linux
f905bcfa971edb89e398c98957838d8c6381c0c7 - ce4352057fc5a986c76ece90801b9755e7c6e56c
... and 3 more
Published
Feb 04, 2026
Tracked Since
Feb 18, 2026