CVE-2026-23176 - Vulnerability Details

- platform/x86: toshiba_haps: Fix memory leaks in add/remove routines

Description

In the Linux kernel, the following vulnerability has been resolved:

platform/x86: toshiba_haps: Fix memory leaks in add/remove routines

toshiba_haps_add() leaks the haps object allocated by it if it returns
an error after allocating that object successfully.

toshiba_haps_remove() does not free the object pointed to by
toshiba_haps before clearing that pointer, so it becomes unreachable
allocated memory.

Address these memory leaks by using devm_kzalloc() for allocating
the memory in question.

Published: 2026-02-14

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability involves improper deallocation in the Toshiba HAPS module of the Linux kernel. If toshiba_haps_add() fails after allocating its haps object, the allocation is not freed, creating a leak. When toshiba_haps_remove() clears the pointer before freeing the object, that memory also becomes unreachable. These leaks accumulate over time, consuming kernel memory and can lead to a degradation of system performance or even a kernel out‑of‑memory condition, which may result in a denial‑of‑service. The weakness aligns with CWE‑401.

Affected Systems

Affected systems are Linux kernel instances that compile the x86 platform Toshiba HAPS driver. Any kernel version that includes the buggy implementation of toshiba_haps_add and toshiba_haps_remove is susceptible, regardless of distribution; the exact affected releases are not enumerated in the advisory.

Risk and Exploitability

Risk is low exploitation probability: the EPSS score is below 1% and the vulnerability is not listed in CISA KEV. The bug is local, requiring access to the kernel to trigger the faulty routines, and there are no known remote exploits. The primary threat is accidental resource exhaustion as the bug is not user‑controllable, but a prolonged leak could lead to a denial‑of‑service scenario if the kernel runs out of memory.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< 17f37c4cdf42a9e4915216b9e130fc8baef4cc64
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< 5bce10f0f9435afaae3fc4df9a52b01d9b3853dc
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< f2093e87ddec13e7a920f326c078a5f765ba89c3
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< ca9ff71c15bc8e48529c2033294a519a7749b272
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< bf0474356875d005d420f8c6b9ac168566e72e87
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< f93ae43780b759a70734be9bc82c1adcf7f33208
`23d0ba0c908ac10139f0351023c64198d7fc1409`	affected	< 128497456756e1b952bd5a912cd073836465109d

Linux

affected

Version	Status	Constraints
`3.17`	affected	—
`0`	unaffected	< 3.17
`5.10.250`	unaffected	≤ 5.10.*
`5.15.200`	unaffected	≤ 5.15.*
`6.1.163`	unaffected	≤ 6.1.*
`6.6.124`	unaffected	≤ 6.6.*
`6.12.70`	unaffected	≤ 6.12.*
`6.18.10`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`[23d0ba0c908ac10139f0351023c64198d7fc1409,17f37c4cdf42a9e4915216b9e130fc8baef4cc64)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,5bce10f0f9435afaae3fc4df9a52b01d9b3853dc)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,f2093e87ddec13e7a920f326c078a5f765ba89c3)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,ca9ff71c15bc8e48529c2033294a519a7749b272)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,bf0474356875d005d420f8c6b9ac168566e72e87)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,f93ae43780b759a70734be9bc82c1adcf7f33208)`	affected	code_commit	—
`[23d0ba0c908ac10139f0351023c64198d7fc1409,128497456756e1b952bd5a912cd073836465109d)`	affected	code_commit	—

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`3.17`	affected	generic	—
`[0,3.17)`	unaffected	generic	—
`[5.10.250,5.11.0)`	unaffected	semver	—
`[5.15.200,5.16.0)`	unaffected	semver	—
`[6.1.163,6.2.0)`	unaffected	semver	—
`[6.6.124,6.7.0)`	unaffected	semver	—
`[6.12.70,6.13.0)`	unaffected	semver	—
`[6.18.10,6.19.0)`	unaffected	semver	—
`[6.19,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel version that incorporates the devm_kzalloc allocation changes for toshiba_haps.
If an updated kernel is not available, backport the patch manually from the commit references linked in the advisory.
After applying the fix, perform a memory usage audit using tools such as top, vmstat, or dmesg, ensuring that no memory growth associated with the HAPS driver occurs over time.
Keep the kernel up‑to‑date with vendor releases and monitor advisories for related memory exhaustion issues.

Generated by OpenCVE AI on April 18, 2026 at 12:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4498-1	linux security update
Debian DLA	DLA-4499-1	linux-6.1 security update
Debian DSA	DSA-6141-1	linux security update
Debian DSA	DSA-6163-1	linux security update

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d
https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64
https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc
https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87
https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272
https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3
https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208
https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23176-4baf@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23176
https://www.cve.org/CVERecord?id=CVE-2026-23176

History

Tue, 17 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23176-4baf@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23176 https://www.cve.org/CVERecord?id=CVE-2026-23176

Sat, 14 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines toshiba_haps_add() leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshiba_haps_remove() does not free the object pointed to by toshiba_haps before clearing that pointer, so it becomes unreachable allocated memory. Address these memory leaks by using devm_kzalloc() for allocating the memory in question.
Title		platform/x86: toshiba_haps: Fix memory leaks in add/remove routines
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64 https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87 https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272 https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3 https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T16:27:08.764Z

Updated: 2026-02-14T16:27:08.764Z

Reserved: 2026-01-13T15:37:45.983Z

Link: CVE-2026-23176

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-02-14T17:15:55.320

Modified: 2026-04-15T14:34:27.800

Link: CVE-2026-23176

Redhat

Severity :

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23176 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object