CVE-2026-23063 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

uacce: ensure safe queue release with state management

Directly calling `put_queue` carries risks since it cannot
guarantee that resources of `uacce_queue` have been fully released
beforehand. So adding a `stop_queue` operation for the
UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to
the final resource release ensures safety.

Queue states are defined as follows:
- UACCE_Q_ZOMBIE: Initial state
- UACCE_Q_INIT: After opening `uacce`
- UACCE_Q_STARTED: After `start` is issued via `ioctl`

When executing `poweroff -f` in virt while accelerator are still
working, `uacce_fops_release` and `uacce_remove` may execute
concurrently. This can cause `uacce_put_queue` within
`uacce_fops_release` to access a NULL `ops` pointer. Therefore, add
state checks to prevent accessing freed pointers.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< b457abeb5d962db88aaf60e249402fd3073dbfab
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 8b57bf1d3b1db692f34bce694a03e41be79f6016
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 336fb41a186e7c0415ae94fec9e23d1f04b87483
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 43f233eb6e7b9d88536881a9bc43726d0e34800d
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 47634d70073890c9c37e39ab4ff93d4b585b028a
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 92e4f11e29b98ef424ff72d6371acac03e5d973c
`015d239ac0142ad0e26567fd890ef8d171f13709`	affected	< 26c08dabe5475d99a13f353d8dd70e518de45663

Linux

affected

Version	Status	Constraints
`5.7`	affected	—
`0`	unaffected	< 5.7
`5.10.249`	unaffected	≤ 5.10.*
`5.15.199`	unaffected	≤ 5.15.*
`6.1.162`	unaffected	≤ 6.1.*
`6.6.122`	unaffected	≤ 6.6.*
`6.12.68`	unaffected	≤ 6.12.*
`6.18.8`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::

No data.

Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4475-1	linux security update
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663
https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483
https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d
https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a
https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016
https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c
https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3073dbfab
https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23063-d727@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23063
https://www.cve.org/CVERecord?id=CVE-2026-23063

History

Fri, 13 Mar 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476
CPEs		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 06 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483 https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016 https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3073dbfab

Thu, 05 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23063-d727@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23063 https://www.cve.org/CVERecord?id=CVE-2026-23063

Wed, 04 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop_queue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to the final resource release ensures safety. Queue states are defined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `uacce` - UACCE_Q_STARTED: After `start` is issued via `ioctl` When executing `poweroff -f` in virt while accelerator are still working, `uacce_fops_release` and `uacce_remove` may execute concurrently. This can cause `uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add state checks to prevent accessing freed pointers.
Title		uacce: ensure safe queue release with state management
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663 https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-04T16:07:45.426Z

Updated: 2026-02-09T08:38:02.269Z

Reserved: 2026-01-13T15:37:45.953Z

Link: CVE-2026-23063

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-04T17:16:16.987

Modified: 2026-03-13T21:28:17.910

Link: CVE-2026-23063

Redhat

Severity :

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23063 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object