CVE-2026-23021

net: usb: pegasus: fix memory leak in update_eth_regs_async()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb()
fail, the code fail to release allocated to this point resources.

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-01-31 CVE Published
2026-02-09 CVE Updated
2026-03-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/323b34963d113efb566635f43858f40cce01d5f9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e	2026-01-19
https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba	2026-01-19
https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452	2026-01-17
https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6	2026-01-17
https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34	2026-01-17
https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01	2026-01-17
https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54	2026-01-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 5.10.248 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 5.10.248"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 5.15.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 5.15.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 6.1.161 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 6.1.161"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 6.6.121 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 6.6.121"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 6.12.66 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 6.12.66"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 6.18.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 6.18.6"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.10 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.10 < 6.19"		en		Affected