Skip to main content

Linux EUVDEUVD-2026-18650

| CVE-2026-23426 MEDIUM
2026-04-03 Linux GHSA-6ww2-mmfj-6f5p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
871630255ecd2d9b64ad1d75a7dfc0567d7d9989,78e91e49d28e05ccaa6b445bafb5e367d57c9583,0bd326dffd9e103335d77d9c31275c0d5a7979eb
EUVD ID Assigned
Apr 03, 2026 - 13:45 euvd
EUVD-2026-18650
Analysis Generated
Apr 03, 2026 - 13:45 vuln.today
CVE Published
Apr 03, 2026 - 13:24 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak.

Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.

AnalysisAI

Linux kernel drm/logicvc driver fails to release a device node reference in logicvc_drm_config_parse(), causing a reference leak that can exhaust kernel memory resources over time. The vulnerability affects all Linux kernel versions with the logicvc DRM driver enabled; it requires local access to trigger repeated calls to the vulnerable code path. This is a low-severity resource exhaustion issue resolved via kernel patch implementing automatic cleanup attributes.

Technical ContextAI

The logicvc_drm_config_parse() function in the Linux kernel's Direct Rendering Manager (DRM) subsystem calls of_get_child_by_name() to locate the 'layers' device tree node. The of_get_child_by_name() function increments the reference count of the returned device_node structure; callers must explicitly decrement this reference via of_node_put() or similar cleanup mechanism. The vulnerable code path neglected to release this reference, allowing the reference count to accumulate. The fix applies the __free(device_node) cleanup attribute (a GCC extension available in recent kernels), which automatically calls the appropriate cleanup function when the variable exits scope, eliminating manual reference management errors. This is a classic reference counting vulnerability in kernel device tree parsing code.

RemediationAI

Update the Linux kernel to a patched version incorporating commit b88f49910be147b7974098b9172b0d3873142d6a or one of the stable backport commits (0bd326dffd9e103335d77d9c31275c0d5a7979eb for 6.1, 871630255ecd2d9b64ad1d75a7dfc0567d7d9989 for 6.6, f8a6eba20edb938166b26e133cc61306e1bc6de9 for 6.9, 78e91e49d28e05ccaa6b445bafb5e367d57c9583 for 6.10, or fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207 for 6.11). Consult your Linux distribution for backported kernel updates. No workaround is available short of disabling the logicvc DRM driver or avoiding repeated device node reconfigurations. Reference the kernel.org commit history at https://git.kernel.org/stable/ for version-specific backports.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18650 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy