CVE-2026-23087

medium

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove().

References

https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc

https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9

https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492fa11c32c

https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e

https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2

https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97

https://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f

Details

Source: Mitre, NVD

Published: 2026-02-04

Updated: 2026-02-06

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018