CVE-2026-23426 - Vulnerability Details

- drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

The logicvc_drm_config_parse() function calls of_get_child_by_name() to
find the "layers" node but fails to release the reference, leading to a
device node reference leak.

Fix this by using the __free(device_node) cleanup attribute to automatic
release the reference when the variable goes out of scope.

Published: 2026-04-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The logicvc_drm_config_parse() function in the Linux kernel’s DRM logicvc driver retrieves a device node named "layers" by calling of_get_child_by_name(), but the function fails to release the reference to this node. This omission creates a device node reference leak, which is a form of resource management flaw identified as CWE‑911. The leak may cause kernel memory or object references to accumulate over time if the function is invoked repeatedly.

Affected Systems

Systems running the Linux kernel v6.0 or any 7.0 release candidate (rc1 through rc7) that include the logicvc DRM driver are affected. The vulnerability is present in all builds of these kernel releases that have not incorporated the upstream fix.

Risk and Exploitability

To trigger the leak, an attacker would need to cause the kernel to execute logicvc_drm_config_parse() by providing a DRM configuration that references a device node named "layers" or by manipulating the device tree. The likely attack vector is local and requires elevated privileges, as configuring the DRM subsystem typically demands administrative access. Based on the CVSS score of 5.5 and an EPSS score of less than 1 %, the overall risk is moderate, but exploitation probability is low. The vulnerability is not listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< b88f49910be147b7974098b9172b0d3873142d6a
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 0bd326dffd9e103335d77d9c31275c0d5a7979eb
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 871630255ecd2d9b64ad1d75a7dfc0567d7d9989
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< f8a6eba20edb938166b26e133cc61306e1bc6de9
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 78e91e49d28e05ccaa6b445bafb5e367d57c9583
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Linux

affected

Version	Status	Constraints
`6.0`	affected	—
`0`	unaffected	< 6.0
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.0:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,b88f49910be147b7974098b9172b0d3873142d6a)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,0bd326dffd9e103335d77d9c31275c0d5a7979eb)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,871630255ecd2d9b64ad1d75a7dfc0567d7d9989)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,f8a6eba20edb938166b26e133cc61306e1bc6de9)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,78e91e49d28e05ccaa6b445bafb5e367d57c9583)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.0`	affected	generic	—
`[0,6.0)`	unaffected	generic	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc2,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that incorporates the logicvc reference‑release fix.
Apply the specific upstream commit (e.g., commit 0bd326dffd9e1033) that fixes the reference leak, or backport the patch to your kernel.
Disable the logicvc DRM driver or remove it from the kernel configuration to prevent the function from being invoked.

Generated by OpenCVE AI on April 29, 2026 at 01:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6238-1	linux security update
Debian DSA	DSA-6243-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb
https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583
https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989
https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a
https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9
https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207
https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23426
https://www.cve.org/CVERecord?id=CVE-2026-23426

History

Thu, 23 Apr 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:o:linux:linux_kernel:6.0:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23426 https://www.cve.org/CVERecord?id=CVE-2026-23426

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak. Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.
Title		drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583 https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989 https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9 https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:34.276Z

Updated: 2026-05-11T22:06:40.703Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23426

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T14:16:28.890

Modified: 2026-04-23T21:04:06.670

Link: CVE-2026-23426

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23426 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T02:00:27Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object