CVE-2026-23360

medium

Description

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queue. This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix admin request_queue lifetime").

References

https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913

https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d

https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f

https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6

Details

Source: Mitre, NVD

Published: 2026-03-25

Updated: 2026-03-25

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018