CVE-2026-23026
MEDIUM EPSS 8.1%
Published Jan 31, 20265mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Jan 31, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
8.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.11.1 – <5.15.199 |
| linux | linux_kernel | * | ≥5.16 – <6.1.162 |
| linux | linux_kernel | * | ≥6.2 – <6.6.122 |
| linux | linux_kernel | * | ≥6.7 – <6.12.67 |
| linux | linux_kernel | * | ≥6.13 – <6.18.7 |
| linux | linux_kernel | 5.11 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
| linux | linux_kernel | 6.19 | any |
References 7
- cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
- git.kernel.org https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8
- git.kernel.org https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728
- git.kernel.org https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2
- git.kernel.org https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85
- git.kernel.org https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7
- git.kernel.org https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af
Remediation
- git.kernel.org https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8
- git.kernel.org https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728
- git.kernel.org https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2
- git.kernel.org https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85
- git.kernel.org https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7
- git.kernel.org https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af