VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 3, 2026· Updated Apr 24, 2026

CVE-2026-23421

CVE-2026-23421

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/configfs: Free ctx_restore_mid_bb in release

ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb.

Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed.

(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in the Linux kernel's drm/xe/configfs driver frees only ctx_restore_post_bb, missing ctx_restore_mid_bb, potentially leading to resource exhaustion.

Vulnerability

Description

In the Linux kernel's drm/xe/configfs driver, a memory leak exists where memory allocated for ctx_restore_mid_bb in wa_bb_store() is not properly freed. The xe_config_device_release() function only frees ctx_restore_post_bb, omitting the corresponding cleanup for ctx_restore_mid_bb[0].cs. This inconsistency results in a leakage of allocated memory when a configfs device is removed [1][2][3].

Attack

Vector and Prerequisites

Exploitation requires the ability to interact with the configfs interface for the Xe DRM driver, enabling allocation of the ctx_restore_mid_bb buffer followed by removal of the configfs device. Local access with sufficient privileges to manage configfs entries is necessary. The vulnerability is present in kernel versions that include the affected code before the fix [1][2][3].

Impact

An attacker who repeatedly creates and removes configfs devices can exhaust kernel memory, leading to denial-of-service conditions. The leak is incremental per device removal, and no other security implications (such as code execution or privilege escalation) have been identified from this bug [1][2][3].

Mitigation

The issue is patched in the Linux kernel stable tree. Users should update to a kernel version containing the commit that adds the missing free call for ctx_restore_mid_bb[0].cs. No workarounds have been documented; applying the kernel update is the recommended mitigation [1][2][3].

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Linux/Kernel10 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.18.1,<6.18.17
    • cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.