{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T17:20:49.555","vulnerabilities":[{"cve":{"id":"CVE-2026-23031","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-31T12:16:06.413","lastModified":"2026-04-18T09:16:13.360","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak\n\nIn gs_can_open(), the URBs for USB-in transfers are allocated, added to the\nparent->rx_submitted anchor and submitted. In the complete callback\ngs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In\ngs_can_close() the URBs are freed by calling\nusb_kill_anchored_urbs(parent->rx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in gs_can_close().\n\nFix the memory leak by anchoring the URB in the\ngs_usb_receive_bulk_callback() to the parent->rx_submitted anchor."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): corregir fuga de memoria de URB\n\nEn gs_can_open(), los URB para transferencias USB de entrada son asignados, añadidos al ancla parent->rx_submitted y enviados. En la función de devolución de llamada completa gs_usb_receive_bulk_callback(), el URB es procesado y reenviado. En gs_can_close(), los URB son liberados llamando a usb_kill_anchored_urbs(parent->rx_submitted).\n\nSin embargo, esto no tiene en cuenta que el framework USB desancla el URB antes de que se llame a la función completa. Esto significa que una vez que un URB de entrada ha sido completado, ya no está anclado y finalmente no es liberado en gs_can_close().\n\nCorregir la fuga de memoria anclando el URB en gs_usb_receive_bulk_callback() al ancla parent->rx_submitted."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b619801191f57e603","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9c151898cc259a7784be60ba38664f42ede39b31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ec5ccc2af9e5b045671f3f604b57512feda8bcc5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/f905bcfa971edb89e398c98957838d8c6381c0c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}