CVE-2026-23360 - Vulnerability Details

- nvme: fix admin queue leak on controller reset

Description

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix admin queue leak on controller reset

When nvme_alloc_admin_tag_set() is called during a controller reset,
a previous admin queue may still exist. Release it properly before
allocating a new one to avoid orphaning the old queue.

This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix
admin request_queue lifetime").

Published: 2026-03-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The kernel bug causes the admin queue allocated during a controller reset to be orphaned instead of properly released, resulting in a resource leak. The resulting unreleased memory can accumulate, degrading system performance or leading to a denial of service. This vulnerability is categorized under CWE-772, reflecting improper resource management.

Affected Systems

The flaw affects all Linux kernel implementations that use the NVMe driver prior to the introduction of the fix. The specific kernel version ranges are not enumerated in the available data, but any kernel build lacking the patch is vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog, implying it is not widely exploited in the wild. Exploitation would likely require local access or elevated privileges that enable interaction with NVMe controller reset commands. The attack vector, inferred from the description, would involve a privileged user resetting the NVMe controller and triggering the leak, potentially leading to resource exhaustion over time.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ff037b5f47eeccc1636c03f84cd47db094eb73c9`	affected	< 089a6f17881a82c6c6e05f8564a867be0767eade
`4896491c497226022626c3acc46044fd182f943c`	affected	< 6e28bab900e40e4d610b04f9f82e01983d8fb356
`a505f0ba36ab24176c300d7ff56aff85c2977e6c`	affected	< 2efbc838a26d3da72d8fe05770bdf869d4ca3ac5
`e8061d02b49c5c901980f58d91e96580e9a14acf`	affected	< 64f87b96de0e645a4c066c7cffd753f334446db6
`03b3bcd319b3ab5182bc9aaa0421351572c78ac0`	affected	< e159eb852aeee95443a9458ecb7d072bbb689913
`03b3bcd319b3ab5182bc9aaa0421351572c78ac0`	affected	< 8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f
`03b3bcd319b3ab5182bc9aaa0421351572c78ac0`	affected	< b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d
`e7dac681790556c131854b97551337aa8042215b`	affected	—

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.1.167:::::::*
	cpe:2.3:o:linux:linux_kernel:6.18:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e8061d02b49c5c901980f58d91e96580e9a14acf,64f87b96de0e645a4c066c7cffd753f334446db6)`	affected	code_commit	—
`[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,e159eb852aeee95443a9458ecb7d072bbb689913)`	affected	code_commit	—
`[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f)`	affected	code_commit	—
`[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d)`	affected	code_commit	—
`ff037b5f47eeccc1636c03f84cd47db094eb73c9`	affected	code_commit	—
`a505f0ba36ab24176c300d7ff56aff85c2977e6c`	affected	code_commit	—
`e7dac681790556c131854b97551337aa8042215b`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	generic	—
`[0,6.18)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc3,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version containing the commit that fixes the admin queue leak (e.g., post-commit 03b3bcd319b3).
If an immediate kernel upgrade is infeasible, consider disabling the NVMe driver temporarily or ensuring that controller resets are performed only during maintenance windows to limit the impact.

Generated by OpenCVE AI on March 26, 2026 at 14:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade
https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5
https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6
https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356
https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f
https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d
https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913
https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23360-c464@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23360
https://www.cve.org/CVERecord?id=CVE-2026-23360

History

Fri, 24 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401
CPEs		cpe:2.3:o:linux:linux_kernel:6.1.167:::::::* cpe:2.3:o:linux:linux_kernel:6.18:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

Sat, 11 Apr 2026 13:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356

Thu, 02 Apr 2026 11:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-399 CWE-401

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23360-c464@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23360 https://www.cve.org/CVERecord?id=CVE-2026-23360
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399 CWE-401

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queue. This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix admin request_queue lifetime").
Title		nvme: fix admin queue leak on controller reset
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6 https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:43.892Z

Updated: 2026-04-13T06:05:46.223Z

Reserved: 2026-01-13T15:37:46.001Z

Link: CVE-2026-23360

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:34.907

Modified: 2026-04-24T18:59:28.380

Link: CVE-2026-23360

Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23360 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:49:17Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object