CVE-2026-23305

Severity: High · CVSS 3.1: 7.1 · EPSS 2.5%
Published: Mar 25, 2026
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

accel/rocket: fix unwinding in error path in rocket_probe

When rocket_core_init() fails (as could be the case with EPROBE_DEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the first core we failed to probe, remove the rocket DRM device with rocket_device_fini() as well. This matches the logic in rocket_remove().

Failing to properly unwind results in out-of-bounds accesses.

CVSS Details

Base Score: 7.1
Exploitability: 1.8
Impact: 5.2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 2.5% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-125: Out-of-bounds Read (Memory Safety)

Affected Products 2

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.18 – <6.18.17
linux    linux_kernel   *         ≥6.19 – <6.19.7

References 3

  • git.kernel.org https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81
    Patch