CVE-2026-23421 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e
https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb
https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66

History

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)
Title		drm/xe/configfs: Free ctx_restore_mid_bb in release
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:30.548Z

Updated: 2026-04-03T13:24:30.548Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23421

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:28.190

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23421

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23421", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:30.548Z", "dateUpdated": "2026-04-03T13:24:30.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:30.548Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/configfs: Free ctx_restore_mid_bb in release\n\nctx_restore_mid_bb memory is allocated in wa_bb_store(), but\nxe_config_device_release() only frees ctx_restore_post_bb.\n\nFree ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation\nwhen the configfs device is removed.\n\n(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_configfs.c"], "versions": [{"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "7f971dfd48983074adc7bbcea3ee95ce7aad47cb", "status": "affected", "versionType": "git"}, {"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "3557359ea3df32430ea7c30f7a708ca9a91d7e0e", "status": "affected", "versionType": "git"}, {"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "e377182f0266f46f02d01838e6bde67b9dac0d66", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_configfs.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb"}, {"url": "https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e"}, {"url": "https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66"}], "title": "drm/xe/configfs: Free ctx_restore_mid_bb in release", "x_generator": {"engine": "bippy-1.2.0"}}}}