Skip to main content

Linux Kernel EUVDEUVD-2026-28702

| CVE-2026-43396 MEDIUM
Memory Leak (CWE-401)
2026-05-08 Linux GHSA-j5jq-r673-59h3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 21, 2026 - 22:03 vuln.today
CVSS changed
May 21, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/sync: Fix user fence leak on alloc failure

When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak.

(cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)

AnalysisAI

Memory leak in the Linux kernel's drm/xe (Intel Xe GPU) sync subsystem allows a local low-privileged user to cause a denial of service by exhausting kernel memory. The flaw exists in the drm/xe/sync error-handling path: when dma_fence_chain_alloc() fails, the user fence reference is not properly released (CWE-401), leaving allocated memory permanently inaccessible to the allocator. No active exploitation has been identified (EPSS 0.02%, 4th percentile, not in CISA KEV), and patches have been backported to stable kernel branches including 6.18.20 and 6.19.9.

Technical ContextAI

The affected component is drm/xe/sync, part of the Intel Xe GPU DRM (Direct Rendering Manager) driver introduced in recent Linux kernel releases. The vulnerability manifests on the error path of dma_fence_chain_alloc(), a kernel synchronization primitive used for GPU command-queue fence chaining. When this allocation fails, the code failed to call the appropriate release function for the user fence object, resulting in a reference count never being decremented and the backing memory never being freed - a classic CWE-401 (Missing Release of Memory after Effective Lifetime). The root cause is an incomplete error-handling branch, corrected by cherry-picking commit a5d5634cde48a9fcd68c8504aa07f89f175074a0. Affected CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* for kernel versions from the introduction of the Xe driver (anchored at commit 0995c2fc39b0f998d40f5d276f67ae22fc1c37c3) up to the respective stable-branch fix commits.

RemediationAI

The primary fix is to upgrade to a patched stable kernel release: Linux 6.18.20, Linux 6.19.9, or Linux 7.0. The upstream fix was cherry-picked into three stable-branch commits available at https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3, https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7, and https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c. Distribution maintainers (RHEL, Ubuntu, SUSE, Debian) should be consulted for downstream package availability. As a compensating control where patching is not immediately feasible, administrators can unload or blacklist the xe kernel module (modprobe -r xe; echo 'blacklist xe' >> /etc/modprobe.d/blacklist.conf) on systems that do not require Xe GPU functionality - this eliminates the vulnerable code path entirely but will disable Intel Xe GPU acceleration, impacting workloads that depend on it. Restricting unprivileged access to DRM device nodes (/dev/dri/renderD*) via udev rules or file permissions provides additional defense-in-depth but does not eliminate the vulnerability for users with legitimate GPU access.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28702 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy