Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()

Memory allocated for struct vscsiblk_info in scsiback_probe() is not
freed in scsiback_remove() leading to potential memory leaks on remove,
as well as in the scsiback_probe() error paths. Fix that by freeing it
in scsiback_remove().
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Resource exhaustion via memory leak leading to possible denial of service
Action: Apply patch
AI Analysis

Impact

The vulnerability allows a memory leak in the Linux kernel’s Xen SCSI backend when the scsiback device is removed or fails during probing. Memory allocated for the vscsiblk information structure is not released, which can grow until system memory is exhausted, potentially causing performance degradation or service interruption. The flaw is classified as CWE‑401, indicating a failure to properly free allocated memory.

Affected Systems

This issue affects the Linux kernel, specifically versions that include the Xen SCSI backend. Known affected kernel releases include 6.19 releases and their release candidates (rc1 through rc6). The kernel source files and commits referenced in the advisory show the problem across those early 6.19 development stages.

Risk and Exploitability

The CVSS score of 5.5 places the vulnerability in the medium severity range. The EPSS score is less than 1%, implying a very low probability of exploitation observed in the wild. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation would require a local privileged user with the ability to trigger a scsiback_remove operation, such as by removing a Xen SCSI device or manipulating the device’s lifecycle, indicating that an attacker would need local access and kernel privileges. The impact is limited to resource exhaustion rather than direct confidentiality or integrity compromise.

Generated by OpenCVE AI on April 17, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated Linux kernel that includes the fix for scsiback_remove memory leak
  • If an immediate kernel update is not possible, disable or avoid removal of the Xen SCSI backend during operation by preventing device hot-remove actions
  • Monitor system memory usage for abnormal leakage patterns that might indicate the issue remains present

Generated by OpenCVE AI on April 17, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4475-1 linux security update
Debian DLA Debian DLA DLA-4476-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6126-1 linux security update
Debian DSA Debian DSA DSA-6127-1 linux security update
Ubuntu USN Ubuntu USN USN-8162-1 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8180-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8180-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8186-1 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8187-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8188-1 Linux kernel (HWE) vulnerabilities
History

Tue, 17 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 06 Feb 2026 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 05 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References

Wed, 04 Feb 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove().
Title scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:27.269Z

Reserved: 2026-01-13T15:37:45.961Z

Link: CVE-2026-23087

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T17:16:19.570

Modified: 2026-03-17T21:10:02.693

Link: CVE-2026-23087

cve-icon Redhat

Severity :

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23087 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses