CVE-2026-23082

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error<br /> <br /> In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix<br /> URB memory leak"), the URB was re-anchored before usb_submit_urb() in<br /> gs_usb_receive_bulk_callback() to prevent a leak of this URB during<br /> cleanup.<br /> <br /> However, this patch did not take into account that usb_submit_urb() could<br /> fail. The URB remains anchored and<br /> usb_kill_anchored_urbs(&amp;parent-&gt;rx_submitted) in gs_can_close() loops<br /> infinitely since the anchor list never becomes empty.<br /> <br /> To fix the bug, unanchor the URB when an usb_submit_urb() error occurs,<br /> also print an info message.