CVE-2026-23421 — Missing Release of Resource after Effective Lifetime in Linux

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 94.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.8-1

▶CVEListV5linux/linuxb30d5de3d40c3fa642079bac0d91f17091c5f877 — 7f971dfd48983074adc7bbcea3ee95ce7aad47cb+3

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-5rf8-f7c5-4xmw: In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is↗2026-04-03

▶

OSV

CVE-2026-23421: In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is a↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: drm/xe/configfs: Free ctx_restore_mid_bb in release↗2026-04-03

▶

Debian

CVE-2026-23421: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe/conf...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23421 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶