Skip to main content

Linux CVE-2026-23430

| EUVDEUVD-2026-18665 MEDIUM
Memory Leak (CWE-401)
2026-04-03 Linux GHSA-wmvm-658g-ppfx
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
354c8bbf8d1e4aa61e580dbe160591feda504e4f,3f300a41a3668095688aa4551214e8080829fa93
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18665
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Don't overwrite KMS surface dirty tracker

We were overwriting the surface's dirty tracker here causing a memory leak.

AnalysisAI

Memory leak in Linux kernel drm/vmwgfx driver caused by overwriting KMS surface dirty tracker without proper cleanup. The vulnerability affects the VMware graphics driver subsystem in the kernel, allowing local attackers to trigger memory exhaustion through repeated surface operations. No CVSS score, EPSS data, or KEV status available; fix commits exist in upstream stable kernel branches.

Technical ContextAI

The vulnerability exists in the drm/vmwgfx (Direct Rendering Manager VMware GFX) subsystem of the Linux kernel, which manages graphics output for VMware virtual machines. The root cause is improper memory management in the KMS (Kernel Mode Setting) surface dirty tracker mechanism-a data structure responsible for tracking which portions of a graphics surface need to be redrawn. The code was directly overwriting the dirty tracker pointer without deallocating the previously allocated memory, causing a classic memory leak. This affects the vmwgfx driver's surface state management and impacts any Linux system running as a VMware guest with the vmwgfx driver enabled.

RemediationAI

Update the Linux kernel to a version including upstream fix commit 3f300a41a3668095688aa4551214e8080829fa93 or later stable kernel releases. Users should check their distribution's kernel update channels for patches backporting these changes. The fix is available in git.kernel.org stable branches (referenced commits: 3f300a41a3668095688aa4551214e8080829fa93, 354c8bbf8d1e4aa61e580dbe160591feda504e4f, c6cb77c474a32265e21c4871c7992468bf5e7638). For systems unable to immediately patch, limiting access to drm/vmwgfx device nodes or disabling the driver if not required can reduce exposure, though this may impact graphics functionality in VMware guests.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23430 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy