{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23421", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:30.548Z", "dateUpdated": "2026-04-03T13:24:30.548Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:30.548Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/configfs: Free ctx_restore_mid_bb in release\n\nctx_restore_mid_bb memory is allocated in wa_bb_store(), but\nxe_config_device_release() only frees ctx_restore_post_bb.\n\nFree ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation\nwhen the configfs device is removed.\n\n(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_configfs.c"], "versions": [{"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "7f971dfd48983074adc7bbcea3ee95ce7aad47cb", "status": "affected", "versionType": "git"}, {"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "3557359ea3df32430ea7c30f7a708ca9a91d7e0e", "status": "affected", "versionType": "git"}, {"version": "b30d5de3d40c3fa642079bac0d91f17091c5f877", "lessThan": "e377182f0266f46f02d01838e6bde67b9dac0d66", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_configfs.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb"}, {"url": "https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e"}, {"url": "https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66"}], "title": "drm/xe/configfs: Free ctx_restore_mid_bb in release", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/configfs: Free ctx_restore_mid_bb in release\n\nctx_restore_mid_bb memory is allocated in wa_bb_store(), but\nxe_config_device_release() only frees ctx_restore_post_bb.\n\nFree ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation\nwhen the configfs device is removed.\n\n(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)"}], "id": "CVE-2026-23421", "lastModified": "2026-04-03T16:10:23.730", "metrics": {}, "published": "2026-04-03T14:16:28.190", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drm/xe/configfs: Free ctx_restore_mid_bb in release", "id": "2454775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454775"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel. This vulnerability is a memory leak within the `drm/xe/configfs` subsystem, where allocated memory for `ctx_restore_mid_bb` is not properly released when a `configfs` device is removed. A local attacker could exploit this by repeatedly creating and removing `configfs` devices, leading to a gradual depletion of system memory. This could result in system instability or a denial of service (DoS) condition."], "name": "CVE-2026-23421", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23421\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23421\nhttps://lore.kernel.org/linux-cve-announce/2026040304-CVE-2026-23421-dace@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b30d5de3d40c3fa642079bac0d91f17091c5f877,7f971dfd48983074adc7bbcea3ee95ce7aad47cb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b30d5de3d40c3fa642079bac0d91f17091c5f877,3557359ea3df32430ea7c30f7a708ca9a91d7e0e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[b30d5de3d40c3fa642079bac0d91f17091c5f877,e377182f0266f46f02d01838e6bde67b9dac0d66)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T16:37:08.589450+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel release that includes the fix for the ctx_restore_mid_bb memory leak.", "If an immediate kernel upgrade is not possible, patch the kernel source by adding a free call for ctx_restore_mid_bb in xe_config_device_release() (commit a235e7d0098337c3f2d1e8f3610c719a589e115f).", "Verify that the device removal path correctly frees all allocated contexts by reviewing the configfs DRM code after patching."], "summary": {"action": "Apply Patch", "impact": "Potential Information Leak via Memory Leak"}, "threat_synthesis": {"affected_systems": "The flaw resides in the drm/xe/configfs subsystem of the Linux kernel. Any kernel build that includes this subsystem \u2013 namely standard Linux kernel releases \u2013 is potentially affected. No specific version string is provided, so all kernels prior to a patch that removes the missing free are vulnerable.", "description_and_impact": "In the Linux kernel, memory allocated for ctx_restore_mid_bb during configuration of a DRM device was left unfreed when the configfs device was removed. The remaining allocated buffer could contain sensitive kernel information, which in turn gives an attacker the possibility to read leaked kernel memory or consume memory resources, affecting confidentiality and system stability.", "risk_and_exploitability": "The CVSS score is not available and the entry is not listed in CISA\u2019s KEV database. The attack vector appears to be local: an attacker who can create and destroy a configfs DRM device can trigger the leak. Because the issue leads only to a memory leak rather than execution or denial of service, the overall risk is considered low to moderate, but the potential for sensitive data exposure warrants prompt remediation. No public exploit is known, but the lack of patch availability increases the window of exposure."}}}}, "created": "2026-04-03T21:14:17.565029+00:00", "updated": "2026-04-03T21:16:33.476680+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-772"]}