VYPR
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 8, 2026

CVE-2026-43223

CVE-2026-43223

Description

In the Linux kernel, the following vulnerability has been resolved:

media: pvrusb2: fix URB leak in pvr2_send_request_ex

When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb().

Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.18,<5.10.252
    • (no CPE)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.