CVE-2026-23426 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count6 documents6 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak. Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.8-1

▶CVEListV5linux/linuxefeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5 — b88f49910be147b7974098b9172b0d3873142d6a+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-6ww2-mmfj-6f5p: In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The lo↗2026-04-03

▶

OSV

CVE-2026-23426: In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logi↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()↗2026-04-03

▶

Debian

CVE-2026-23426: linux - In the Linux kernel, the following vulnerability has been resolved: drm/logicvc...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23426 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶