Skip to main content

Linux EUVDEUVD-2026-18639

| CVE-2026-23421 MEDIUM
2026-04-03 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 15:22 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
7f971dfd48983074adc7bbcea3ee95ce7aad47cb,3557359ea3df32430ea7c30f7a708ca9a91d7e0e
EUVD ID Assigned
Apr 03, 2026 - 13:45 euvd
EUVD-2026-18639
Analysis Generated
Apr 03, 2026 - 13:45 vuln.today
CVE Published
Apr 03, 2026 - 13:24 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/configfs: Free ctx_restore_mid_bb in release

ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb.

Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed.

(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

AnalysisAI

Memory leak in Linux kernel DRM/XE configfs device release allows information disclosure through unfreed ctx_restore_mid_bb allocation. The xe_config_device_release() function fails to deallocate ctx_restore_mid_bb[0].cs memory that was previously allocated by wa_bb_store(), leaving sensitive kernel memory accessible when the configfs device is removed. Affected Linux kernel versions containing the vulnerable DRM/XE driver require patching to prevent potential information leakage.

Technical ContextAI

This vulnerability exists in the Linux kernel's DRM (Direct Rendering Manager) XE graphics driver configfs implementation. The configfs interface allows userspace configuration of graphics device parameters. During device initialization, wa_bb_store() allocates memory for both ctx_restore_post_bb and ctx_restore_mid_bb structures to store GPU command buffer sequences used for workarounds. However, the corresponding cleanup function xe_config_device_release() only deallocates ctx_restore_post_bb, leaving ctx_restore_mid_bb[0].cs unfreed. This is a classic resource management oversight where partial cleanup during device removal creates a memory leak. The leaked memory region may contain sensitive data from previous operations, creating an information disclosure vector. CWE classification indicates this falls under improper resource cleanup patterns common in kernel memory management.

RemediationAI

Vendor-released patch: Update Linux kernel to a version containing commit 7f971dfd48983074adc7bbcea3ee95ce7aad47cb, 3557359ea3df32430ea7c30f7a708ca9a91d7e0e, or e377182f0266f46f02d01838e6bde67b9dac0d66 from stable kernel branches. These commits add proper deallocation of ctx_restore_mid_bb[0].cs in xe_config_device_release(). Affected distributions should apply the upstream fix through their kernel update process. No documented workaround exists; patching is the required remediation. Refer to kernel.org stable tree references in advisory URLs for specific kernel version availability.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18639 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy