CVE-2026-23063

MEDIUM EPSS 2.4%
Published Feb 4, 20264mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `uacce` - UACCE_Q_STARTED: After `start` is issued via `ioctl` When executing `poweroff -f` in virt while accelerator are still working, `uacce_fops_release` and `uacce_remove` may execute concurrently. This can cause `uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add state checks to prevent accessing freed pointers.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥5.7  –  <5.10.249
linuxlinux_kernel*≥5.11  –  <5.15.199
linuxlinux_kernel*≥5.16  –  <6.1.162
linuxlinux_kernel*≥6.2  –  <6.6.122
linuxlinux_kernel*≥6.7  –  <6.12.68
linuxlinux_kernel*≥6.13  –  <6.18.8
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3073dbfab
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3073dbfab
    Patch