CVE-2026-23091 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateApr 16
Description
In the Linux kernel, the following vulnerability has been resolved:
intel_th: fix device leak on output open()
Make sure to drop the reference taken when looking up the th device
during output device open() on errors and on close().
Note that a recent commit fixed the leak in a couple of open() error
paths but not all of them, and the reference is still leaking on
successful open().
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux39f4034693b7c7bd1fe4cb58c93259d600f55561 — af4b9467296b9a16ebc008147238070236982b6d+7
Patches
🔴Vulnerability Details
3OSV▶
CVE-2026-23091: In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken w↗2026-02-04
GHSA▶
GHSA-phfq-ppcx-5j3h: In the Linux kernel, the following vulnerability has been resolved:
intel_th: fix device leak on output open()
Make sure to drop the reference taken↗2026-02-04
📋Vendor Advisories
5Debian▶
CVE-2026-23091: linux - In the Linux kernel, the following vulnerability has been resolved: intel_th: f...↗2026