Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/configfs: Free ctx_restore_mid_bb in release

ctx_restore_mid_bb memory is allocated in wa_bb_store(), but
xe_config_device_release() only frees ctx_restore_post_bb.

Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation
when the configfs device is removed.

(cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory leak
Action: Patch
AI Analysis

Impact

The Linux kernel contains a missing deallocation routine in the DRM Xe (xe) configuration filesystem. Memory allocated for ctx_restore_mid_bb inside wa_bb_store() is never released during device removal, allowing data to remain in kernel memory after the configfs device is released. This oversight can leak sensitive kernel data and is classified as a missing release of allocated memory.

Affected Systems

All Linux kernel releases that ship the drm/xe/configfs subsystem without the fix are affected. The vulnerability applies across distributions that include the upstream kernel module; specific version numbers are not listed in the advisory.

Risk and Exploitability

The moderate CVSS score of 5.5 reflects a mid-level severity. No publicly disclosed exploits are known and the vulnerability is not listed in the CISA catalogue. An attacker would need local privileged access or the ability to trigger the removal of a DRM Xe configfs device to trigger the leak, implying a local and privileged attack surface. Overall, the risk is considered moderate, with no immediate remote exploitation vectors identified.

Generated by OpenCVE AI on April 4, 2026 at 03:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a revision that includes the fix so that xe_config_device_release() correctly frees ctx_restore_mid_bb.
  • Verify that the patch has been applied by checking the relevant source code or release notes for the updated module.
  • If an upgrade cannot be performed immediately, restrict write and removal permissions on /sys/kernel/configfs or disable the DRM Xe device if it is not required for your workloads.
  • Continuously monitor kernel logs and system behavior for signs of kernel memory leaks or abnormal device removal events.

Generated by OpenCVE AI on April 4, 2026 at 03:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device_release() only frees ctx_restore_post_bb. Free ctx_restore_mid_bb[0].cs as well to avoid leaking the allocation when the configfs device is removed. (cherry picked from commit a235e7d0098337c3f2d1e8f3610c719a589e115f)
Title drm/xe/configfs: Free ctx_restore_mid_bb in release
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T13:24:30.548Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23421

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:28.190

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23421

cve-icon Redhat

Severity : Low

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23421 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T07:54:59Z

Weaknesses