Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2026-23307

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
25/03/2026
Last modified:
25/03/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message

When looking at the data in a USB urb, the actual_length is the size of the buffer passed to the driver, not the transfer_buffer_length which is set by the driver as the max size of the buffer.

When parsing the messages in ems_usb_read_bulk_callback() properly check the size both at the beginning of parsing the message to make sure it is big enough for the expected structure, and at the end of the message to make sure we don't overflow past the end of the buffer for the next message.
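
The two length checks described above, as an added example in user-space C; it is not the kernel patch or the driver's code. The record layout (a count byte followed by type/length/payload records) and every name in it are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (NOT the ems_usb wire format):
 *   [count:1] then 'count' records of [type:1][len:1][payload:len] */
#define HDR_LEN 2u /* type byte + len byte */

/* Walk the records in buf and return how many were parsed, or -1 if the data
 * is malformed. 'actual_length' plays the role of urb->actual_length: the
 * number of bytes really received. The buffer's capacity (the analogue of
 * transfer_buffer_length) is deliberately not a parameter, because bytes past
 * actual_length are stale and must never be parsed. */
int parse_bulk(const uint8_t *buf, size_t actual_length)
{
    if (actual_length < 1)
        return -1;                      /* not even the count byte arrived */

    size_t count = buf[0];
    size_t start = 1;                   /* invariant: start <= actual_length */
    int parsed = 0;

    while (count--) {
        /* Check at the beginning: is there room for the record header? */
        if (actual_length - start < HDR_LEN)
            return -1;
        size_t len = buf[start + 1];
        /* Check at the end: does the payload stay inside the received data,
         * so the next record starts at or before actual_length? */
        if (len > actual_length - start - HDR_LEN)
            return -1;
        start += HDR_LEN + len;
        parsed++;
    }
    return parsed;
}

int main(void)
{
    uint8_t buf[64];                    /* capacity: 64 bytes */
    memset(buf, 0xAA, sizeof buf);      /* constructed "stale" contents */
    /* Constructed sample: 2 records, 9 bytes in total. */
    const uint8_t sample[] = { 2, 0x01, 3, 'a', 'b', 'c', 0x02, 1, 0x55 };
    memcpy(buf, sample, sizeof sample);
    printf("full transfer:  %d\n", parse_bulk(buf, sizeof sample));
    printf("short transfer: %d\n", parse_bulk(buf, 7)); /* rejected */
    return 0;
}
```

A parser bounded by the 64-byte capacity instead of the received length would accept the short transfer and read the 0xAA filler as record data.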

Impact