CVE-2026-43223 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_e

CVE

CVE-2026-43223

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_e

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.

MEDIUM · CVSS 5.5 EPSS 0.00013

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-401Missing Release of Memory after Effective Lifetime

▤

Affected Products & Versions

7

linux kernel>= 2.6.18 and < 5.10.252
linux kernel>= 5.11 and < 5.15.202
linux kernel>= 5.16 and < 6.1.165
linux kernel>= 6.2 and < 6.6.128
linux kernel>= 6.7 and < 6.12.75
linux kernel>= 6.13 and < 6.18.16
linux kernel>= 6.19 and < 6.19.6

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD06 May 2026 · 12:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453Patch

https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbdePatch

https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5Patch

https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94Patch

https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13Patch

https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7Patch

Show all 8 references

https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15Patch

https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin