CVE-2026-23334

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2	Patch
https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05	Patch
https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af	Patch
https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0	Patch
https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.5:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

History

23 Apr 2026, 21:13

Type	Values Removed	Values Added
First Time		Linux Linux linux Kernel
CWE		NVD-CWE-noinfo
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: can: usb: f81604: manejar correctamente los mensajes urb de interrupción cortos Si se recibe un urb de interrupción que no tiene la longitud correcta, detectarlo correctamente y no intentar tratar los datos como válidos.
References	~~() https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2 -~~	() https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2 - Patch
References	~~() https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05 -~~	() https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05 - Patch
References	~~() https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af -~~	() https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af - Patch
References	~~() https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0 -~~	() https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0 - Patch
References	~~() https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde -~~	() https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.5:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::

25 Mar 2026, 11:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 11:16

Updated : 2026-04-23 21:13

NVD link : CVE-2026-23334

Mitre link : CVE-2026-23334

CVE.ORG link : CVE-2026-23334

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10