#VU124556 Out-of-bounds read in Linux kernel - CVE-2026-23307


Published: March 25, 2026


Vulnerability identifier: #VU124556
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23307
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the ems_usb_read_bulk_callback() function in the CAN USB driver when handling USB bulk callback data. A local user can provide specially crafted USB input to trigger a memory read beyond the buffer bounds (CWE-125), leading to a system crash.

The attacker must have local system access and the ability to interact with the CAN USB driver via the USB interface.


Remediation

Install the security update from the vendor's repository.

External links