CVE-2026-43223
media: pvrusb2: fix URB leak in pvr2_send_request_ex
Description
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.
INFO
Published Date :
May 6, 2026, 12:16 p.m.
Last Modified :
May 8, 2026, 9:14 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | MEDIUM | [email protected] |
Solution
- Update the Linux kernel to the latest version.
- Apply the patch for the pvrusb2 driver.
- Ensure URBs are properly managed during submission.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-43223.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-43223 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-43223
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-43223 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-43223 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
May. 08, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-401 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.128 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.75 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.16 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 6.19.6 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.202 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.165 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.18 up to (excluding) 5.10.252 Added Reference Type kernel.org: https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6 Types: Patch -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
May. 06, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails. Added Reference https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453 Added Reference https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde Added Reference https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5 Added Reference https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94 Added Reference https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13 Added Reference https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7 Added Reference https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15 Added Reference https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6