CVE-2026-23360 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queue. This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix admin request_queue lifetime").

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.13.0 — 6.18.17+2

▶Debianlinux/linux_kernel< 6.19.8-1

▶CVEListV5linux/linuxff037b5f47eeccc1636c03f84cd47db094eb73c9 — 089a6f17881a82c6c6e05f8564a867be0767eade+8

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-mx2c-4m76-c7r4: In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() i↗2026-03-25

▶

OSV

CVE-2026-23360: In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is↗2026-03-25

▶

OSV

nvme: fix admin queue leak on controller reset↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: nvme: fix admin queue leak on controller reset↗2026-03-25

▶

Debian

CVE-2026-23360: linux - In the Linux kernel, the following vulnerability has been resolved: nvme: fix a...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23360 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶