CVE-2026-23430Improper Update of Reference Count in Linux

CWE-911Improper Update of Reference Count6 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the surface's dirty tracker here causing a memory leak.

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux965544150d1cadf0e8f5bb6c13c19697e46e14293f300a41a3668095688aa4551214e8080829fa93+3
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
GHSA
GHSA-wmvm-658g-ppfx: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the su2026-04-03
OSV
CVE-2026-23430: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Don't overwrite KMS surface dirty tracker We were overwriting the surf2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: drm/vmwgfx: Don't overwrite KMS surface dirty tracker2026-04-03
Debian
CVE-2026-23430: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23430 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23430 — Improper Update of Reference Count | cvebase