In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than parent USB device. This avoids issues like memory leaks when drivers are unbound without their devices being physically disconnected (e.g. on probe deferral or configuration changes). Fix the control message buffer lifetime so that it is released on driver unbind.

A flaw was found in the Linux kernel's `can: ucan` USB driver. This vulnerability arises from incorrect management of device resource lifetimes, where resources are tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are unbound without the associated devices being physically disconnected, such as during probe deferral or configuration changes. The primary consequence is a memory leak, which could potentially impact system stability or performance over time.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46103 https://nvd.nist.gov/vuln/detail/CVE-2026-46103 https://lore.kernel.org/linux-cve-announce/2026052705-CVE-2026-46103-9028@gregkh/T