VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 31, 2026· Updated Apr 15, 2026

CVE-2026-23029

CVE-2026-23029

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()

In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_eiointc_destroy() is not currently doing this, that would lead to a memory leak.

So, fix it.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel vulnerability in LoongArch KVM: kvm_eiointc_destroy() fails to free its kvm_device, causing a memory leak.

Vulnerability

Overview

In the Linux kernel's KVM subsystem for LoongArch, the function kvm_eiointc_destroy() is responsible for cleaning up a kvm_device created via kvm_ioctl_create_device(). However, the destroy function does not free the allocated kvm_device struct itself, leading to a memory leak [1].

Exploitation

Details

To exploit this vulnerability, an attacker would need the ability to create and destroy KVM devices on a LoongArch system. This typically requires local access with sufficient privileges to interact with the KVM subsystem, such as through the /dev/kvm interface. The leak occurs each time a KVM device of type eiointc is created and then destroyed, gradually consuming kernel memory.

Impact

Over time, repeated exploitation could exhaust kernel memory, potentially leading to denial-of-service conditions. The vulnerability does not directly provide code execution or privilege escalation, but memory exhaustion can degrade system performance or cause instability.

Mitigation

The issue has been fixed in the Linux kernel stable commit referenced [1]. Users are advised to apply the latest kernel updates to prevent the memory leak. No workaround is available besides updating the kernel.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.