Memory Leak Affecting kernel-uek-debug-modules-usb package, versions <0:6.12.0-201.74.2.1.el10uek


Severity

Recommended
high

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.12% (3rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE10-KERNELUEKDEBUGMODULESUSB-15860228
  • published1 Apr 2026
  • disclosed4 Feb 2026

Introduced: 4 Feb 2026

CVE-2026-23061  (opens in a new tab)
CWE-401  (opens in a new tab)

How to fix?

Upgrade Oracle:10 kernel-uek-debug-modules-usb to version 0:6.12.0-201.74.2.1.el10uek or higher.
This issue was patched in ELSA-2026-50232.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug-modules-usb package and not the kernel-uek-debug-modules-usb package as distributed by Oracle. See How to fix? for Oracle:10 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak").

In kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback kvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In kvaser_usb_remove_interfaces() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted).

However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs().

Fix the memory leak by anchoring the URB in the kvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor.

CVSS Base Scores

version 3.1