CVE-2026-23426 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()

The logicvc_drm_config_parse() function calls of_get_child_by_name() to
find the "layers" node but fails to release the reference, leading to a
device node reference leak.

Fix this by using the __free(device_node) cleanup attribute to automatic
release the reference when the variable goes out of scope.

Published: 2026-04-03

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s DRM logicvc driver has a flaw where the function logicvc_drm_config_parse obtains a reference to a device node but never releases it, which can cause the node’s reference count to grow without bound. Based on the description, it is inferred that this leak could lead to resource exhaustion or kernel instability if it accumulates over time. The weakness is improper resource cleanup, corresponding to CWE‑772.

Affected Systems

The vulnerability affects any Linux kernel that contains the unpatched logicvc DRM component. Because the driver is part of the core kernel, the flaw is independent of distribution and applies to all releases that still include the legacy logicvc implementation. No specific affected version range is listed, so all kernels prior to the inclusion of the fix are potentially impacted.

Risk and Exploitability

The CVSS score, EPSS score, and KEV status are not provided, indicating a lack of published severity metrics or known widespread exploitation. Based on the description, it is inferred that an attacker would need to load or reconfigure the logicvc driver to invoke logicvc_drm_config_parse and trigger the reference leak repeatedly. The risk stems from possible uncontrolled resource consumption, but the practical exploitability remains uncertain without further evidence.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< b88f49910be147b7974098b9172b0d3873142d6a
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 0bd326dffd9e103335d77d9c31275c0d5a7979eb
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 871630255ecd2d9b64ad1d75a7dfc0567d7d9989
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< f8a6eba20edb938166b26e133cc61306e1bc6de9
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< 78e91e49d28e05ccaa6b445bafb5e367d57c9583
`efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5`	affected	< fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Linux

affected

Version	Status	Constraints
`6.0`	affected	—
`0`	unaffected	< 6.0
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0-rc2`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,b88f49910be147b7974098b9172b0d3873142d6a)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,0bd326dffd9e103335d77d9c31275c0d5a7979eb)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,871630255ecd2d9b64ad1d75a7dfc0567d7d9989)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,f8a6eba20edb938166b26e133cc61306e1bc6de9)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,78e91e49d28e05ccaa6b445bafb5e367d57c9583)`	affected	code_commit	—
`[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.0`	affected	generic	—
`[0,6.0)`	unaffected	generic	—
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc2,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a recent kernel update that contains the logicvc_drm_config_parse device node reference leak fix.
If an immediate update is not feasible, disable the logicvc DRM driver until a patch is available.
Monitor system logs for indications of device node reference leaks or abnormal driver activity.
Verify that no unpatched logicvc sources are present in custom kernel builds.

Generated by OpenCVE AI on April 3, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb
https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583
https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989
https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a
https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9
https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207
https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23426
https://www.cve.org/CVERecord?id=CVE-2026-23426

History

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23426 https://www.cve.org/CVERecord?id=CVE-2026-23426

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak. Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.
Title		drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583 https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989 https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9 https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:34.276Z

Updated: 2026-04-03T13:24:34.276Z

Reserved: 2026-01-13T15:37:46.015Z

Link: CVE-2026-23426

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:28.890

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23426

Redhat

Severity :

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23426 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:16:28Z

Weaknesses

CWE-911

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object