CVE-2026-46103

In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers are unbound without their devices being physically disconnected (e.g. on probe deferral or configuration changes). Fix the control message buffer lifetime so that it is released on driver unbind.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

25 Jun 2026, 21:18

Type Values Removed Values Added
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/10b7b676b78a7bd888d19729b459aad7fc1f428b - () https://git.kernel.org/stable/c/10b7b676b78a7bd888d19729b459aad7fc1f428b - Patch
References () https://git.kernel.org/stable/c/3df5b9110ac08f67ccfe382fc172bfee95688eec - () https://git.kernel.org/stable/c/3df5b9110ac08f67ccfe382fc172bfee95688eec - Patch
References () https://git.kernel.org/stable/c/4b7d07747400cfd7eff1ba7b8b5a7c8d5a58f705 - () https://git.kernel.org/stable/c/4b7d07747400cfd7eff1ba7b8b5a7c8d5a58f705 - Patch
References () https://git.kernel.org/stable/c/a90f0815aaa9c629ac4750e7c71c357dd7f231d7 - () https://git.kernel.org/stable/c/a90f0815aaa9c629ac4750e7c71c357dd7f231d7 - Patch
References () https://git.kernel.org/stable/c/c0d3ccc6929e4509076df8f30a4fb1dc5018b0ae - () https://git.kernel.org/stable/c/c0d3ccc6929e4509076df8f30a4fb1dc5018b0ae - Patch
References () https://git.kernel.org/stable/c/c524c124e3094d2de12235a513854c03d06a2b58 - () https://git.kernel.org/stable/c/c524c124e3094d2de12235a513854c03d06a2b58 - Patch
References () https://git.kernel.org/stable/c/cb2e41e87a2893345859440017e7178bf7a4c70d - () https://git.kernel.org/stable/c/cb2e41e87a2893345859440017e7178bf7a4c70d - Patch
References () https://git.kernel.org/stable/c/fed4626501c871890da287bec62a96e52da1af89 - () https://git.kernel.org/stable/c/fed4626501c871890da287bec62a96e52da1af89 - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE CWE-401
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

19 Jun 2026, 13:16

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/a90f0815aaa9c629ac4750e7c71c357dd7f231d7 -
  • () https://git.kernel.org/stable/c/cb2e41e87a2893345859440017e7178bf7a4c70d -

01 Jun 2026, 17:17

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/3df5b9110ac08f67ccfe382fc172bfee95688eec -

27 May 2026, 14:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-06-25 21:18


NVD link : CVE-2026-46103

Mitre link : CVE-2026-46103

CVE.ORG link : CVE-2026-46103


JSON object : View

Products Affected

linux

  • linux_kernel
CWE
CWE-401

Missing Release of Memory after Effective Lifetime