CVE-2026-23190 - Vulnerability Details

- ASoC: amd: fix memory leak in acp3x pdm dma ops

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: amd: fix memory leak in acp3x pdm dma ops

Published: 2026-02-14

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a memory leak in the Linux kernel's Advanced Linux Sound Architecture (ASoC) AMD driver, specifically in the acp3x pdm DMA operations. When the driver operates, it fails to release allocated memory, which can accumulate over time. If the leak is exploited or repeatedly triggered, system memory can be exhausted, resulting in degraded performance or a forced reboot, thus impacting availability. The weakness is a classic resource management flaw, identified as CWE-401.

Affected Systems

Affected are Linux kernel images starting from release candidate versions 6.19‑rc1 through 6.19‑rc8 (and any later kernels that include the same code path before the fix). Systems running these kernel builds and drivers that expose the acp3x pdm DMA operations may be impacted.

Risk and Exploitability

The CVSS score of 5.5 classifies it as Medium severity. The EPSS score is less than 1 %, indicating a very low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need local access to the system and permission to load or use the affected driver; it is not a remote attack vector. The impact mainly manifests as a denial‑of‑service condition if the resource leak is triggered repeatedly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4a767b1d039a855c491c4853013804323c06f728`	affected	< 9f23800c7eed06cb8ccae8a225f5e3d421b0d4cc
`4a767b1d039a855c491c4853013804323c06f728`	affected	< d7ead6512650447a4cd6db774a2379acb259650c
`4a767b1d039a855c491c4853013804323c06f728`	affected	< 6d33640404968fe9f14a1252b337362b62fff490
`4a767b1d039a855c491c4853013804323c06f728`	affected	< 0e0120214b5dcb0bf6b2171bb4e68e38968b2861
`4a767b1d039a855c491c4853013804323c06f728`	affected	< c9c14d2abe4c5546fcd3a7347fadc4aad2b308d8
`4a767b1d039a855c491c4853013804323c06f728`	affected	< 279cb9180510f7e13c3a4dfde8c16a8fbc7c5709
`4a767b1d039a855c491c4853013804323c06f728`	affected	< 7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6

Linux

affected

Version	Status	Constraints
`5.8`	affected	—
`0`	unaffected	< 5.8
`5.10.250`	unaffected	≤ 5.10.*
`5.15.200`	unaffected	≤ 5.15.*
`6.1.163`	unaffected	≤ 6.1.*
`6.6.124`	unaffected	≤ 6.6.*
`6.12.70`	unaffected	≤ 6.12.*
`6.18.10`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`[4a767b1d039a855c491c4853013804323c06f728,9f23800c7eed06cb8ccae8a225f5e3d421b0d4cc)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,d7ead6512650447a4cd6db774a2379acb259650c)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,6d33640404968fe9f14a1252b337362b62fff490)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,0e0120214b5dcb0bf6b2171bb4e68e38968b2861)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,c9c14d2abe4c5546fcd3a7347fadc4aad2b308d8)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,279cb9180510f7e13c3a4dfde8c16a8fbc7c5709)`	affected	code_commit	—
`[4a767b1d039a855c491c4853013804323c06f728,7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6)`	affected	code_commit	—

Linux

Linux Kernel

—

Version	Status	Scheme	Platform
`5.8`	affected	generic	—
`[0,5.8)`	unaffected	generic	—
`[5.10.250,5.11.0)`	unaffected	semver	—
`[5.15.200,5.16.0)`	unaffected	semver	—
`[6.1.163,6.2.0)`	unaffected	semver	—
`[6.6.124,6.7.0)`	unaffected	semver	—
`[6.12.70,6.13.0)`	unaffected	semver	—
`[6.18.10,6.19.0)`	unaffected	semver	—
`[6.19,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a newer kernel release (e.g., Linux 6.19 final or any later version) that contains the memory‑leak fix.
If an immediate kernel upgrade is not feasible, unload or blacklist the acp3x pdm DMA ops module to prevent further memory usage until the patch is applied.
Continuously monitor system memory usage and kernel logs for abnormal growth patterns that may indicate driver‑related leaks.

Generated by OpenCVE AI on April 17, 2026 at 19:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4498-1	linux security update
Debian DLA	DLA-4499-1	linux-6.1 security update
Debian DSA	DSA-6141-1	linux security update
Debian DSA	DSA-6163-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00022.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0e0120214b5dcb0bf6b2171bb4e68e38968b2861
https://git.kernel.org/stable/c/279cb9180510f7e13c3a4dfde8c16a8fbc7c5709
https://git.kernel.org/stable/c/6d33640404968fe9f14a1252b337362b62fff490
https://git.kernel.org/stable/c/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6
https://git.kernel.org/stable/c/9f23800c7eed06cb8ccae8a225f5e3d421b0d4cc
https://git.kernel.org/stable/c/c9c14d2abe4c5546fcd3a7347fadc4aad2b308d8
https://git.kernel.org/stable/c/d7ead6512650447a4cd6db774a2379acb259650c
https://lore.kernel.org/linux-cve-announce/2026021433-CVE-2026-23190-0719@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23190
https://www.cve.org/CVERecord?id=CVE-2026-23190

History

Wed, 18 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 17 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021433-CVE-2026-23190-0719@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23190 https://www.cve.org/CVERecord?id=CVE-2026-23190
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Sat, 14 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops
Title		ASoC: amd: fix memory leak in acp3x pdm dma ops
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0e0120214b5dcb0bf6b2171bb4e68e38968b2861 https://git.kernel.org/stable/c/279cb9180510f7e13c3a4dfde8c16a8fbc7c5709 https://git.kernel.org/stable/c/6d33640404968fe9f14a1252b337362b62fff490 https://git.kernel.org/stable/c/7f67ba5413f98d93116a756e7f17cd2c1d6c2bd6 https://git.kernel.org/stable/c/9f23800c7eed06cb8ccae8a225f5e3d421b0d4cc https://git.kernel.org/stable/c/c9c14d2abe4c5546fcd3a7347fadc4aad2b308d8 https://git.kernel.org/stable/c/d7ead6512650447a4cd6db774a2379acb259650c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T16:27:18.203Z

Updated: 2026-02-14T16:27:18.203Z

Reserved: 2026-01-13T15:37:45.985Z

Link: CVE-2026-23190

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-14T17:15:56.810

Modified: 2026-03-18T17:11:17.490

Link: CVE-2026-23190

Redhat

Severity : Important

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23190 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T19:30:15Z

Weaknesses

CWE-401

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object