Description
In the Linux kernel, the following vulnerability has been resolved:

uacce: fix cdev handling in the cleanup path

When cdev_device_add fails, it internally releases the cdev memory,
and if cdev_device_del is then executed, it will cause a hang error.
To fix it, we check the return value of cdev_device_add() and clear
uacce->cdev to avoid calling cdev_device_del in the uacce_remove.
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel hang / Denial of Service
Action: Patch Now
AI Analysis

Impact

In the Linux kernel, a bug in the uacce device driver’s cleanup logic can hang the system when a cdev_device_add failure is not handled. If cdev_device_add fails, it releases the cdev memory internally; a later call to cdev_device_del in the cleanup routine (uacce_remove) then operates on the already-released object, resulting in a hang error. This flaw may be exploited by code that triggers the driver’s load or unload sequence, leading to local denial of service.

Affected Systems

The flaw affects Linux kernel versions that include the uacce driver with the buggy cleanup logic. Known affected releases are Linux kernel 6.19 Release Candidate 1 through RC6. It is likely that other kernel releases built before the patch commit are also vulnerable, but no further specific version information is available.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity, while the EPSS score is below 1 percent, showing a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring an attacker to run or load the vulnerable uacce driver on the affected system. If the flaw is triggered, the kernel will hang, causing a denial of service until the system is rebooted or the driver is unloaded.

Generated by OpenCVE AI on April 17, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a Linux kernel update that incorporates the fix from commit 1bc3e51367c…
  • Until the kernel update can be applied, prevent the deployment or unloading of the uacce driver to avoid triggering the bug
  • Continuously monitor system stability for kernel hangs and apply any subsequent kernel patches as they become available

Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-4475-1 | linux security update |
| Debian DLA | DLA-4476-1 | linux-6.1 security update |
| Debian DSA | DSA-6126-1 | linux security update |
| Debian DSA | DSA-6127-1 | linux security update |
| Ubuntu USN | USN-8162-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
| Ubuntu USN | USN-8180-1 | Linux kernel vulnerabilities |
| Ubuntu USN | USN-8180-2 | Linux kernel (FIPS) vulnerabilities |
| Ubuntu USN | USN-8186-1 | Linux kernel (Real-time) vulnerabilities |
| Ubuntu USN | USN-8187-1 | Linux kernel (NVIDIA) vulnerabilities |
| Ubuntu USN | USN-8188-1 | Linux kernel (HWE) vulnerabilities |

History

Sat, 18 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-416 |

Wed, 18 Mar 2026 13:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* |
| | | cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} |


Fri, 06 Feb 2026 17:00:00 +0000


Thu, 05 Feb 2026 12:15:00 +0000


Wed, 04 Feb 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_device_add() and clear uacce->cdev to avoid calling cdev_device_del in the uacce_remove. |
| Title | | uacce: fix cdev handling in the cleanup path |
| First Time appeared | | Linux |
| | | Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux |
| | | Linux linux Kernel |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:38:36.700Z

Reserved: 2026-01-13T15:37:45.964Z

Link: CVE-2026-23096

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-04T17:16:20.473

Modified: 2026-03-18T13:29:58.360

Link: CVE-2026-23096

Redhat

Severity:

Public Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23096 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses