CVE-2026-23421

high

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)

References

https://git.kernel.org/stable/c/e377182f0266f46f02d01838e6bde67b9dac0d66

https://git.kernel.org/stable/c/7f971dfd48983074adc7bbcea3ee95ce7aad47cb

https://git.kernel.org/stable/c/3557359ea3df32430ea7c30f7a708ca9a91d7e0e

Details

Source: Mitre, NVD

Published: 2026-04-03

Updated: 2026-04-03

Risk Information

CVSS v2

Base Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00017