CVE-2026-23426
Description
In the Linux kernel, the following vulnerability has been resolved:
drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak.
Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A reference leak in Linux kernel drm/logicvc driver can lead to memory exhaustion, fixed by using automatic cleanup attribute.
Vulnerability
In the Linux kernel's DRM driver for the LogiCVC display controller, the function logicvc_drm_config_parse() acquires a device node reference via of_get_child_by_name() to locate the "layers" child node, but it never releases that reference. This oversight creates a device node reference leak, meaning the kernel's reference count for the node is permanently incremented, preventing proper garbage collection and leading to memory resource waste.
Exploitation
The vulnerability is triggered automatically during driver initialization when logicvc_drm_config_parse() is invoked. No special privileges or authentication are required, as the leak occurs in normal kernel boot or module loading. An attacker who can force repeated bind/unbind cycles of the drm/logicvc driver, or load the module multiple times, could accelerate the leak. However, the leak is local and requires the system to be running a vulnerable kernel version.
Impact
While the CVSS v3 base score is 5.5 (Medium), the primary impact is availability. Repeated exploitation could gradually exhaust kernel memory (since device node structures are not freed), leading to system instability or denial of service. Data confidentiality and integrity are not directly affected.
Mitigation
The fix has been committed to the Linux kernel stable trees: commits [1], [2], [3], and [4] each apply the same correction to different stable branches. The resolution replaces the manual reference release with the __free(device_node) cleanup attribute, ensuring the reference is automatically dropped when the local variable goes out of scope. Users should update to a kernel containing the fix.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.0.1,<6.1.167
- cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979ebnvdPatch
- git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583nvdPatch
- git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989nvdPatch
- git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6anvdPatch
- git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9nvdPatch
- git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207nvdPatch
News mentions
0No linked articles in our index yet.