CVE-2026-23426 - Vulnerability Details

- drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

The logicvc_drm_config_parse() function calls of_get_child_by_name() to
find the "layers" node but fails to release the reference, leading to a
device node reference leak.

Fix this by using the __free(device_node) cleanup attribute to automatic
release the reference when the variable goes out of scope.

Published: 2026-04-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The logicvc_drm_config_parse() function in the Linux kernel's DRM logicvc driver retrieves a device node by name but fails to release its reference, creating a reference leak that falls under CWE-911. Over time this leak can consume kernel memory and other resources, potentially destabilizing the kernel or causing a denial of service.

Affected Systems

Systems running any Linux kernel that includes the logicvc DRM driver are susceptible. No specific version identifiers are supplied, so every kernel build containing the unpatched logicvc component may be affected.

Risk and Exploitability

The CVE does not provide a CVSS score or EPSS estimate, and it is not listed in the CISA KEV catalog. Because the flaw resides in kernel space, exploitation would require privileges that can access the DRM subsystem, implying a local‑privilege or system‑wide escalation scenario. No exploit has yet been reported, and no remote code execution vector has been identified. The likely attack vector is inferred to involve triggering logicvc_drm_config_parse() through DRM configuration, which typically requires system privileges. The primary risk is gradual resource exhaustion leading to availability problems.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< b88f49910be147b7974098b9172b0d3873142d6a
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 0bd326dffd9e103335d77d9c31275c0d5a7979eb
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 871630255ecd2d9b64ad1d75a7dfc0567d7d9989
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< f8a6eba20edb938166b26e133cc61306e1bc6de9
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 78e91e49d28e05ccaa6b445bafb5e367d57c9583
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Linux

affected

Version	Status	Constraints
`6.0`	affected	—
`0`	unaffected	< 6.0
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,b88f49910be147b7974098b9172b0d3873142d6a)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,0bd326dffd9e103335d77d9c31275c0d5a7979eb)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,871630255ecd2d9b64ad1d75a7dfc0567d7d9989)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,f8a6eba20edb938166b26e133cc61306e1bc6de9)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,78e91e49d28e05ccaa6b445bafb5e367d57c9583)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.0`	affected	generic	—
`[0,6.0)`	unaffected	generic	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc2,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the patch or upgrade to a kernel version that incorporates the logicvc reference‑release fix.
If an upgrade is not immediately possible, disable the logicvc DRM driver or remove it from the kernel configuration.

Generated by OpenCVE AI on April 4, 2026 at 03:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb
https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583
https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989
https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a
https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9
https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207
https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23426
https://www.cve.org/CVERecord?id=CVE-2026-23426

History

Thu, 23 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel:6.0:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23426 https://www.cve.org/CVERecord?id=CVE-2026-23426

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak. Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.
Title		drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583 https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989 https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9 https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:34.276Z

Updated: 2026-04-13T06:07:13.131Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23426

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T14:16:28.890

Modified: 2026-04-23T21:04:06.670

Link: CVE-2026-23426

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23426 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-07T07:54:54Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object