CVE-2026-23466 — Insufficient Granularity of Access Control in Linux

CWE-1220 — Insufficient Granularity of Access Control6 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-code GGTT MMIO access protection GGTT MMIO access is currently protected by hotplug (drm_dev_enter), which works correctly when the driver loads successfully and is later unbound or unloaded. However, if driver load fails, this protection is insufficient because drm_dev_unplug() is never called. Additionally, devm release functions cannot guarantee that all BOs with GGTT mappings are destroyed before the GGTT MMI…

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linux919bb54e989c1edef87e9797be125c94c450fc65 — e2b424aadecb640f9e037b2891191cf8fd4c64cf+4

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23466: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-code GGTT MMIO access protection GGTT MMIO access is currently protec↗2026-04-03

▶

GHSA

GHSA-92cv-r3f2-hrpf: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Open-code GGTT MMIO access protection GGTT MMIO access is currently prot↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: drm/xe: Open-code GGTT MMIO access protection↗2026-04-03

▶

Debian

CVE-2026-23466: linux - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Ope...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23466 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶