Skip to main content

Linux CVE-2026-23350

| EUVDEUVD-2026-15321 HIGH
Memory Leak (CWE-401)
2026-03-25 Linux GHSA-gx4p-pq85-g76x
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Re-analysis Queued
Apr 24, 2026 - 18:07 vuln.today
cvss_changed
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15321
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/queue: Call fini on exec queue creation fail

Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list (which is part of guc_id allocation). A damaged queue stored in exec_queue_lookup list would lead to invalid memory reference, sooner or later.

Call fini to free guc_id. This must be done before any internal LRCs are freed.

Since the finalization with this extra call became very similar to __xe_exec_queue_fini(), reuse that. To make this reuse possible, alter xe_lrc_put() so it can survive NULL parameters, like other similar functions.

v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.

(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)

AnalysisAI

A resource management vulnerability exists in the Linux kernel's DRM/XE (Intel Graphics Execution Manager) queue initialization code where the finalization function is not called when execution queue creation fails, leaving the queue registered in the GuC (GPU Unified Compute) list and potentially causing invalid memory references. This affects all Linux kernel versions containing the vulnerable DRM/XE driver code. The vulnerability could lead to memory corruption or system instability when an exec queue creation failure occurs, though exploitation would require local kernel code execution capability or ability to trigger queue creation failures.

Technical ContextAI

The vulnerability resides in the drm/xe/queue.c module of the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the Intel Xe GPU driver. The DRM subsystem manages graphics hardware resources, and the Xe driver handles Intel discrete and integrated GPUs. The root cause is a missing finalization call in the error path of queue initialization—every queue initialization (xe_exec_queue_init) should have a corresponding finalization call (xe_exec_queue_fini). When queue creation fails, the finalization is skipped, which means the GPU queue is never removed from the GuC's internal list and the guc_id allocation is never freed. This violates proper resource cleanup patterns and falls under the classification of improper resource management (related to CWE-404: Improper Resource Shutdown or Release). The vulnerability is specific to systems running Intel Xe-capable hardware with the affected kernel versions.

RemediationAI

Update the Linux kernel to a version that includes the patches committed at https://git.kernel.org/stable/c/fae65b8a4449ae556990efcde8d74bec4adc5925 or https://git.kernel.org/stable/c/99f9b5343cae80eb0dfe050baf6c86d722b3ba2e. System administrators should prioritize kernel updates for systems using Intel Xe GPUs in production environments. If immediate patching is not possible, disable Xe GPU driver support in kernel configuration as a temporary mitigation. Monitor system logs for any signs of memory corruption or GPU-related errors. For enterprise deployments, apply patches through standard security update channels (Ubuntu, Red Hat, SUSE, etc.) which have backported the fix to their respective kernel versions.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy