Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()

When xe_dma_buf_init_obj() fails, the attachment from
dma_buf_dynamic_attach() is not detached. Add dma_buf_detach() before
returning the error. Note: we cannot use goto out_err here because
xe_dma_buf_init_obj() already frees bo on failure, and out_err would
double-free it.

(cherry picked from commit a828eb185aac41800df8eae4b60501ccc0dbbe51)
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s DRM Xe driver, a failed call to xe_dma_buf_init_obj() left a dma-buf attachment in kernel memory because dma_buf_detach() was not called. The retained attachment is never released, which is a memory leak classified as CWE-772 (Missing Release of Resource after Effective Lifetime) or the related CWE-401 (Missing Release of Memory after Effective Lifetime). This flaw can increase resident memory usage over time, potentially exhausting kernel memory and causing the system to become unresponsive or crash, effectively disabling the affected workstation or server.
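The error path from the description, modelled in userspace C as an added example (not the kernel's code): it counts attachments left behind and frees of the buffer object for the pre-fix path, the rejected shared-label path, and the fixed path. All names are hypothetical, and that the shared label would run after a detach is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not the kernel's. */
struct model_bo { int frees; };          /* more than 1 means a double free */
struct model_result { int err, leaked_attachments, bo_frees; };
enum variant { LEAKY, GOTO_OUT_ERR, FIXED };

static void model_bo_free(struct model_bo *bo) { bo->frees++; }

/* Stand-in for the init step: on failure it frees bo itself. */
static int model_init_obj(struct model_bo *bo, bool fail)
{
    if (!fail)
        return 0;
    model_bo_free(bo);
    return -1;
}

static struct model_result model_import(enum variant v, bool init_fails)
{
    struct model_bo bo = { 0 };
    int attachments = 1;                 /* attach step succeeded */
    int err = model_init_obj(&bo, init_fails);

    if (err && v == LEAKY) {
        /* pre-fix: return the error, attachment still held */
    } else if (err && v == GOTO_OUT_ERR) {
        attachments--;                   /* detach ... */
        model_bo_free(&bo);              /* ... then shared label frees bo again */
    } else if (err && v == FIXED) {
        attachments--;                   /* detach, then return directly */
    }
    return (struct model_result){ err, err ? attachments : 0, bo.frees };
}

int main(void)
{
    static const char *names[] = { "leaky", "goto out_err", "fixed" };
    for (int v = LEAKY; v <= FIXED; v++) {
        struct model_result r = model_import((enum variant)v, true);
        printf("%-12s leaked=%d bo_frees=%d\n", names[v],
               r.leaked_attachments, r.bo_frees);
    }
    return 0;
}
```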

Affected Systems

The flaw is confined to the Linux kernel implementation of the DRM Xe driver, exposed through the xe_gem_prime_import function. All Linux distributions that ship the unpatched kernel inherit the issue; no vendor or product version is specified beyond the generic Linux kernel label.

Risk and Exploitability

The CVSS score is 7.8, indicating high severity, while the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, indicating low public exposure. Triggering the failing buffer import requires local interaction with the DRM subsystem, making the attack vector likely local. Because the defect results in a leaked kernel buffer that gradually increases memory consumption, the risk is primarily tied to potential resource exhaustion rather than immediate privilege escalation or data breach.

Generated by OpenCVE AI on June 10, 2026 at 18:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes commit a828eb185aac41800df8eae4b60501ccc0dbbe51, which fixes the dma-buf detach bug.
  • If an immediate kernel update is not feasible, consider disabling the Xe DRM driver or rebuilding the kernel without DRM Xe support to eliminate the code path that can trigger the leak.
  • After applying the fix or disabling the driver, monitor system memory and kernel logs for signs of dma-buf attachment growth or related errors; reboot the system if signs of resource exhaustion appear.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 29 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Thu, 28 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynamic_attach() is not detached. Add dma_buf_detach() before returning the error. Note: we cannot use goto out_err here because xe_dma_buf_init_obj() already frees bo on failure, and out_err would double-free it. (cherry picked from commit a828eb185aac41800df8eae4b60501ccc0dbbe51)
Title drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:02:20.200Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46201

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:35.767

Modified: 2026-06-10T17:16:02.857

Link: CVE-2026-46201

Redhat

Severity: Low

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46201 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T18:30:36Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime