Linux Kernel Short Interrupt URB Message Handling Vulnerability in CAN USB Driver

Vulnerability

A vulnerability exists in the Linux kernel's handling of short interrupt USB request buffer (URB) messages within the CAN USB driver for Fintek F81604 devices. When an interrupt URB is received with an incorrect length, the kernel fails to properly detect the discrepancy and mistakenly treats the incomplete data as valid. This issue has been addressed in the Linux kernel stable tree.
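
The missing length check, shown as an added user-space C example (not the driver's or the kernel's own code). The struct fake_urb type, the 4-byte INT_MSG_LEN message size, the handler names and the sample bytes are all assumptions made for illustration. The unchecked handler consumes a full message however many bytes arrived; the checked one rejects any message whose received length is wrong.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the completed-URB fields that matter here. */
struct fake_urb {
    const uint8_t *transfer_buffer; /* buffer the device wrote into */
    size_t actual_length;           /* bytes the device actually sent */
};

#define INT_MSG_LEN 4               /* assumed size of one interrupt message */
enum { INT_OK = 0, INT_SHORT = -1 };

/* Unchecked: ignores actual_length, so stale buffer bytes pass as data. */
int handle_int_unchecked(const struct fake_urb *urb, uint8_t out[INT_MSG_LEN])
{
    memcpy(out, urb->transfer_buffer, INT_MSG_LEN);
    return INT_OK;
}

/* Checked: a message of the wrong length is rejected before any parsing. */
int handle_int_checked(const struct fake_urb *urb, uint8_t out[INT_MSG_LEN])
{
    if (urb->actual_length != INT_MSG_LEN)
        return INT_SHORT;
    memcpy(out, urb->transfer_buffer, INT_MSG_LEN);
    return INT_OK;
}

/* Constructed sample: device sent 1 byte (0x01); the rest is stale. */
static const uint8_t sample_buf[INT_MSG_LEN] = { 0x01, 0xBB, 0xCC, 0xDD };

/* Verdict of the checked handler for a given received length. */
int demo_checked(size_t actual_length)
{
    uint8_t out[INT_MSG_LEN] = { 0 };
    struct fake_urb urb = { sample_buf, actual_length };
    return handle_int_checked(&urb, out);
}

/* Second "status" byte the unchecked handler passes up for a 1-byte message. */
int demo_unchecked_stale_byte(void)
{
    uint8_t out[INT_MSG_LEN] = { 0 };
    struct fake_urb urb = { sample_buf, 1 };
    handle_int_unchecked(&urb, out);
    return out[1];
}

int main(void) { return demo_checked(1) == INT_SHORT ? 0 : 1; }
```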

Impact

The vulnerability could lead to improper handling of USB interrupt messages, potentially allowing for incorrect data processing or communication errors with affected CAN devices.

Reproduction

The vulnerability can be reproduced by sending a short interrupt URB to a Linux system with the affected CAN USB driver loaded. The driver will incorrectly process the URB data, failing to recognize that it is shorter than expected.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree where this vulnerability has been fixed.

Added: Mar 25, 2026, 12:30 PM
Updated: Mar 25, 2026, 12:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.