CVE-2026-23305
HIGH EPSS 2.5%
Published Mar 25, 20263mo ago · Modified Jun 17, 20261w ago
7.1 CVSS 3.1
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe When rocket_core_init() fails (as could be the case with EPROBE_DEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the first core we failed to probe, remove the rocket DRM device with rocket_device_fini() as well. This matches the logic in rocket_remove(). Failing to properly unwind results in out-of-bounds accesses.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-125 Out-of-bounds Read Memory Safety
Affected Products 2
References 3
- git.kernel.org https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9
- git.kernel.org https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74
- git.kernel.org https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81
Remediation
- git.kernel.org https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9
- git.kernel.org https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74
- git.kernel.org https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81