{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23360", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.001Z", "datePublished": "2026-03-25T10:27:43.892Z", "dateUpdated": "2026-03-25T10:27:43.892Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:43.892Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\")."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/core.c"], "versions": [{"version": "e8061d02b49c5c901980f58d91e96580e9a14acf", "lessThan": "64f87b96de0e645a4c066c7cffd753f334446db6", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "e159eb852aeee95443a9458ecb7d072bbb689913", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d", "status": "affected", "versionType": "git"}, {"version": "ff037b5f47eeccc1636c03f84cd47db094eb73c9", "status": "affected", "versionType": "git"}, {"version": "a505f0ba36ab24176c300d7ff56aff85c2977e6c", "status": "affected", "versionType": "git"}, {"version": "e7dac681790556c131854b97551337aa8042215b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/core.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.62", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0-rc3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"}, {"url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"}, {"url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"}, {"url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"}], "title": "nvme: fix admin queue leak on controller reset", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\")."}], "id": "CVE-2026-23360", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:34.907", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: nvme: fix admin queue leak on controller reset", "id": "2451198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451198"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's Non-Volatile Memory Express (NVMe) subsystem. When an NVMe controller is reset, a previously allocated administration queue may not be properly released before a new one is created. This can lead to the old queue becoming orphaned, potentially causing resource exhaustion or system instability over time."], "name": "CVE-2026-23360", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23360\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23360\nhttps://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23360-c464@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:26:19.176841+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that incorporates the NVMe admin queue leak fix (commit 03b3bcd319b3).", "If an official update is unavailable, manually apply the patch by integrating the relevant commit into the kernel source and rebuilding.", "After updating, monitor kernel logs and memory usage to confirm that admin queues are not leaked during controller resets."], "summary": {"action": "Apply Patch", "impact": "Memory Leak Leading to Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "All Linux kernel versions that do not include the fix commit (03b3bcd319b3) are affected. The vulnerability resides in the NVMe driver within the kernel core; no specific version range is listed, so any kernel prior to the incorporation of the commit may be impacted.", "description_and_impact": "During a controller reset in the Linux kernel\u2019s NVMe subsystem, the admin queue is not properly released when nvme_alloc_admin_tag_set() is called. The previously allocated queue remains in memory, which can become orphaned and cause a leak. Fixing this prevents resource exhaustion that could degrade system performance or lead to a denial\u2011of\u2011service if the leak repeats.", "risk_and_exploitability": "The lack of an explicit CVSS score means severity is not quantified in the public data. The exploit path likely requires a process with sufficient permission to trigger a controller reset or run code that causes it, so remote exploitation is improbable but local privilege escalation could exploit the flaw. Because the issue is a kernel\u2011level resource leak, repeated resets could eventually exhaust memory. EPSS information is absent and the vulnerability is not flagged in the CISA KEV catalog, suggesting limited widespread exploitation currently but moderate risk if exploited."}}}}, "created": "2026-03-25T21:31:55.656291+00:00", "updated": "2026-03-25T21:31:55.656356+00:00", "vendors": [], "weaknesses": ["CWE-401", "CWE-399"]}