In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Flush anchored URBs in usbtmc_release When calling usbtmc_release, pending anchored URBs must be flushed or killed to prevent use-after-free errors (e.g. in the HCD giveback path). Call usbtmc_draw_down() to allow anchored URBs to be completed.

A flaw was found in the Linux kernel's usbtmc module. This vulnerability occurs because pending anchored Universal Serial Bus (USB) Request Blocks (URBs) are not flushed or killed when the usbtmc_release function is called. This can result in use-after-free errors, which could potentially lead to system crashes or, in some scenarios, arbitrary code execution.

USBTMC must flush anchored URBs on release to avoid completion after free. Red Hat recommends updates for instrument/gPIB-style USBTMC users; unload `usbtmc` where devices are not needed. To mitigate this issue, prevent the usbtmc module from being loaded. See https://access.redhat.com/solutions/41278 for instructions. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Fix deferred kernel Red Hat Enterprise Linux 7 Fix deferred kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-31758 https://nvd.nist.gov/vuln/detail/CVE-2026-31758 https://lore.kernel.org/linux-cve-announce/2026050144-CVE-2026-31758-8487@gregkh/T