CVE-2026-23028

In the Linux kernel, a memory leak vulnerability exists in the LoongArch KVM subsystem. The function kvm_ipi_destroy(), which is invoked as the destroy callback for a kvm_device created via kvm_ioctl_create_device(), fails to free the kvm_device struct allocated during device creation. This results in a memory leak each time the device is destroyed.

To exploit this vulnerability, an attacker must have the ability to create and destroy KVM devices, which typically requires local access and the capability to interact with the KVM subsystem (e.g., via the /dev/kvm interface). No special privileges beyond those needed to use KVM are required, as the flaw is in the normal device lifecycle management.

Over time, repeatedly creating and destroying KVM devices can exhaust kernel memory, leading to a denial-of-service condition. An attacker could trigger this by repeatedly opening and closing the KVM device file descriptor, causing the system to run out of memory and potentially crash.

The fix is included in a commit to the stable Linux kernel tree [1]. Users are advised to apply the patch or update to a kernel version that includes it. No workaround is available without code changes.