CVE-2026-23421

MEDIUM EPSS 1.7%
Published Apr 3, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 3, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥6.18.1  –  <6.18.17
linuxlinux_kernel*≥6.19  –  <6.19.7
linuxlinux_kernel6.18any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66
    Patch