{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23418", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.014Z", "datePublished": "2026-04-03T13:24:22.572Z", "dateUpdated": "2026-04-03T13:24:22.572Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:22.572Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Fix leak on xa_store failure\n\nFree the newly allocated entry when xa_store() fails to avoid a memory\nleak on the error path.\n\nv2: use goto fail_free. (Bala)\n\n(cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_reg_sr.c"], "versions": [{"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "05e3f01974d09d1b746dedf4144f708b5033e76f", "status": "affected", "versionType": "git"}, {"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "4f461da14c7b226d1c4c179ae69956ccb8e134e2", "status": "affected", "versionType": "git"}, {"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "3091723785def05ebfe6a50866f87a044ae314ba", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_reg_sr.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/05e3f01974d09d1b746dedf4144f708b5033e76f"}, {"url": "https://git.kernel.org/stable/c/4f461da14c7b226d1c4c179ae69956ccb8e134e2"}, {"url": "https://git.kernel.org/stable/c/3091723785def05ebfe6a50866f87a044ae314ba"}], "title": "drm/xe/reg_sr: Fix leak on xa_store failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Fix leak on xa_store failure\n\nFree the newly allocated entry when xa_store() fails to avoid a memory\nleak on the error path.\n\nv2: use goto fail_free. (Bala)\n\n(cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)"}], "id": "CVE-2026-23418", "lastModified": "2026-04-03T16:10:23.730", "metrics": {}, "published": "2026-04-03T14:16:27.713", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/05e3f01974d09d1b746dedf4144f708b5033e76f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3091723785def05ebfe6a50866f87a044ae314ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f461da14c7b226d1c4c179ae69956ccb8e134e2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/xe/reg_sr: Fix leak on xa_store failure", "id": "2454776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454776"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel. This memory leak vulnerability occurs when the `xa_store()` function fails to store a newly allocated entry, leading to the entry not being freed. An attacker could potentially exploit this flaw to exhaust system memory, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23418", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23418\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23418\nhttps://lore.kernel.org/linux-cve-announce/2026040301-CVE-2026-23418-3cf7@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,05e3f01974d09d1b746dedf4144f708b5033e76f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,4f461da14c7b226d1c4c179ae69956ccb8e134e2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,3091723785def05ebfe6a50866f87a044ae314ba)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T16:38:14.194238+00:00", "value": {"mitigation_remediation": ["Verify current kernel version", "Apply the latest Linux kernel update that contains commit 6bc6fec7 or newer", "Reboot into the updated kernel", "If updating is delayed, restrict privileged access to DRM XE operations to mitigate repeated failure triggers"], "summary": {"action": "Update Kernel", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Linux kernel versions that include the drm/xe/reg_sr code before the patch that introduced commit 6bc6fec7. All distributions shipping such kernel releases are potentially exposed unless they have applied the latest update.", "description_and_impact": "A flaw in the Linux kernel\u2019s DRM XE subsystem prevents a newly allocated entry from being freed when an xa_store operation fails, causing a memory leak. If the failure path can be repeatedly triggered, kernel memory will be exhausted over time, degrading system performance or leading to instability. The weakness follows CWE\u2011401, representing an unreleased resource scenario.", "risk_and_exploitability": "No CVSS score is listed, but the risk hinges on the attacker\u2019s ability to induce repeated failures of xa_store. The EPSS score is not available and the issue does not appear in the CISA KEV catalog, suggesting limited exploitation data. Nonetheless, any system running an unpatched kernel can suffer gradual memory depletion if the defective path is exercised."}}}}, "created": "2026-04-03T21:14:21.353637+00:00", "updated": "2026-04-03T21:16:37.249362+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-401"]}