{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23334", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.997Z", "datePublished": "2026-03-25T10:27:24.664Z", "dateUpdated": "2026-05-11T22:04:49.994Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:04:49.994Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/f81604.c"], "versions": [{"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "c5d69da6c919648838734097861e979677eedcde", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "36ead57443146e6b730ce1f48ca3e9b17e19a3d2", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "66615e6293388f75a56226d1216fd9cfb3d95e05", "status": "affected", "versionType": "git"}, {"version": "88da17436973e463bed59bea79771fb03a21555e", "lessThan": "7299b1b39a255f6092ce4ec0b65f66e9d6a357af", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/usb/f81604.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0"}, {"url": "https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde"}, {"url": "https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2"}, {"url": "https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05"}, {"url": "https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af"}], "title": "can: usb: f81604: handle short interrupt urb messages properly", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "32772849-BF02-4208-99C1-068667D43F23", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "A2D9420A-9BF4-4C16-B6DA-8A1D279F7384", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb: f81604: handle short interrupt urb messages properly\n\nIf an interrupt urb is received that is not the correct length, properly\ndetect it and don't attempt to treat the data as valid."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ncan: usb: f81604: manejar correctamente los mensajes urb de interrupci\u00f3n cortos\n\nSi se recibe un urb de interrupci\u00f3n que no tiene la longitud correcta, detectarlo correctamente y no intentar tratar los datos como v\u00e1lidos."}], "id": "CVE-2026-23334", "lastModified": "2026-04-23T21:13:15.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:30.903", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/36ead57443146e6b730ce1f48ca3e9b17e19a3d2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/66615e6293388f75a56226d1216fd9cfb3d95e05"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7299b1b39a255f6092ce4ec0b65f66e9d6a357af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c5d69da6c919648838734097861e979677eedcde"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: can: usb: f81604: handle short interrupt urb messages properly", "id": "2451219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451219"}, "csaw": false, "cwe": "CWE-131", "details": ["A flaw was found in the Linux kernel's `can: usb: f81604` module. This vulnerability arises when the system processes Universal Serial Bus (USB) interrupt request blocks (URBs) that are shorter than their expected length. Improper handling of these malformed messages could lead to unexpected system behavior or resource issues, potentially resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23334", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23334\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23334\nhttps://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88da17436973e463bed59bea79771fb03a21555e,9b740ff5bc649575a5e14ca8ee54e3dd5010aaf0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88da17436973e463bed59bea79771fb03a21555e,c5d69da6c919648838734097861e979677eedcde)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88da17436973e463bed59bea79771fb03a21555e,36ead57443146e6b730ce1f48ca3e9b17e19a3d2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88da17436973e463bed59bea79771fb03a21555e,66615e6293388f75a56226d1216fd9cfb3d95e05)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[88da17436973e463bed59bea79771fb03a21555e,7299b1b39a255f6092ce4ec0b65f66e9d6a357af)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.5"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.5)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "7.0-rc3"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T04:35:26.343636+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that incorporates the f81604 interrupt URB handling fix.", "If a kernel upgrade is not immediately possible, unload or disable the f81604 CAN driver to remove the vulnerable code path.", "Ensure that any custom USB drivers or modules enforce bounds\u2011checking on buffer sizes before processing data, mitigating the CWE\u2011131 flaw.", "Restrict USB device usage by configuring device trust filtering or blacklisting the f81604 module, thereby limiting exposure."], "summary": {"action": "Patch Now", "impact": "Denial of Service via improper handling of short USB interrupt URBs"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the unpatched f81604 driver \u2013 for example kernel 6.5, the 7.0 release\u2011candidate series (RC1 through RC7), and any kernel matching the CPEs listed in the advisory \u2013 remain vulnerable until the fix is applied. Systems that compile the driver into the kernel or load it as a module are affected.", "description_and_impact": "The f81604 CAN driver in the Linux kernel does not validate the length of interrupt USB Request Blocks. When a USB device sends an URB that is shorter than expected, the driver can mistake the incomplete data for a legitimate message. This flaw can lead the kernel to process invalid data, potentially causing a denial of service or other instability. The CVE description explicitly states that the driver now detects short URBs and avoids treating the data as valid. This attack vector is inferred from the requirement for a crafted USB interrupt message, implying local or physical access to the target machine.", "risk_and_exploitability": "This vulnerability has a moderate CVSS score of 5.5 and an EPSS score of less than 1\u202f%, indicating a low likelihood of exploitation as of the current data. It is not listed in the CISA KEV catalog. Exploitation would require an attacker to deliver a crafted USB interrupt message to a device that uses the f81604 driver. The requirement of local or physical access is inferred from the description."}}}}, "created": "2026-03-25T21:32:19.644625+00:00", "updated": "2026-04-29T04:45:03.114750+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}