Description
In the Linux kernel, the following vulnerability has been resolved:

gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()

On error handling paths, lineinfo_changed_notify() doesn't free the
allocated resources which results leaks. Fix it.
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak (potential DoS)
Action: Patch
AI Analysis

Impact

In the Linux kernel, the function lineinfo_changed_notify() fails to release allocated resources when encountering errors, leading to memory leaks. This flaw is a classic example of improper memory deallocation (CWE-401) and could cause a gradual exhaustion of kernel memory, resulting in system instability or denial of service. The vulnerability does not grant any privilege escalation or data exposure, but the impact on long-running systems could be significant if the error paths are repeatedly triggered.

Affected Systems

This issue affects the Linux kernel, specifically version 6.18 and the 6.19 release candidates 1 through 6. The vulnerability is present in the core gpio:cdev subsystem. Systems running these kernel releases are vulnerable until the indicated fix is incorporated.

Risk and Exploitability

The CVSS score of 5.5 categorizes the risk as medium, and the EPSS score of less than 1% indicates that exploitation is considered unlikely at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector appears to be local, requiring code execution within the kernel to trigger the error handling path that leaks memory. No publicly available exploit has been documented.

Generated by OpenCVE AI on April 17, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the system to a Linux kernel version that contains the lineinfo_changed_notify() memory leak fix, such as the latest stable release of 6.18 or beyond.
  • If a suitable kernel update is not immediately available, backport the specific commit identified in the kernel maintainer’s references (see Git commits in the provided links) to the running kernel.
  • Continuously monitor kernel update channels and security advisories for new patches that address this issue, and apply them promptly when they become available.

Generated by OpenCVE AI on April 17, 2026 at 23:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 05 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify() On error handling paths, lineinfo_changed_notify() doesn't free the allocated resources which results leaks. Fix it.
Title gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:18.915Z

Reserved: 2026-01-13T15:37:45.959Z

Link: CVE-2026-23079

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T17:16:18.643

Modified: 2026-03-18T13:51:51.753

Link: CVE-2026-23079

cve-icon Redhat

Severity :

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23079 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses