CVE-2026-52904 - Vulnerability Details

- drm/nouveau: fix nvkm_device leak on aperture removal failure

Description

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau: fix nvkm_device leak on aperture removal failure

When aperture_remove_conflicting_pci_devices() fails during probe, the
error path returns directly without unwinding the nvkm_device that was
just allocated by nvkm_device_pci_new(). This leaks both the device
wrapper and the pci_enable_device() reference taken inside it.

Jump to the existing fail_nvkm label so nvkm_device_del() runs and
balances both. The leak was introduced when the intermediate
nvkm_device_del() between detection and aperture removal was dropped
in favor of creating the pci device once.

Published: 2026-06-09

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel’s drm/nouveau driver, a failure in aperture_remove_conflicting_pci_devices() during probe causes the function to return early without freeing the nvkm_device that was just allocated by nvkm_device_pci_new(). The device wrapper and the pci_enable_device() reference remain unreleased, creating a memory and PCI resource leak that may lead to kernel memory exhaustion or stale PCI references. The vulnerability is a CWE‑772: Resource Leak, indicating the kernel fails to properly release allocated resources.

Affected Systems

All systems running a Linux kernel with the Nouveau NVIDIA graphics driver prior to the patch that incorporated the commit referenced in the provided URLs. No specific version range is specified, but the flaw existed until that kernel update.

Risk and Exploitability

The flaw is local to the kernel and requires a probe failure that can be induced by locally executing code or manipulating kernel module loading. There is no CVSS score, but the EPSS score is not available and the vulnerability is not listed in CISA KEV. Because the issue only allows resource exhaustion, the risk is moderate; a determined local attacker could repeatedly trigger probe failures to deplete kernel memory or PCI device reference counts, potentially leading to a denial of service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c0bfe34330b5fafdbbc63a7124841711651b96b9`	affected	< 5edd564ccb002ffc830e7818c1c4a992db774678
`c0bfe34330b5fafdbbc63a7124841711651b96b9`	affected	< 4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6
`c0bfe34330b5fafdbbc63a7124841711651b96b9`	affected	< 843c0247cf21364e33bb5a8ffc9af57107d04d05
`c0bfe34330b5fafdbbc63a7124841711651b96b9`	affected	< 6597ff1d8de3f583be169587efeafd8af134e138

Linux

affected

Version	Status	Constraints
`6.12`	affected	—
`0`	unaffected	< 6.12
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[c0bfe34330b5fafdbbc63a7124841711651b96b9,5edd564ccb002ffc830e7818c1c4a992db774678)`	affected	code_commit	—
`[c0bfe34330b5fafdbbc63a7124841711651b96b9,4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6)`	affected	code_commit	—
`[c0bfe34330b5fafdbbc63a7124841711651b96b9,843c0247cf21364e33bb5a8ffc9af57107d04d05)`	affected	code_commit	—
`[c0bfe34330b5fafdbbc63a7124841711651b96b9,6597ff1d8de3f583be169587efeafd8af134e138)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.12`	affected	generic	—
`[0,6.12)`	unaffected	generic	—
`[6.12.86,7.0.0]`	unaffected	generic	—
`[7.0.4,8.0.0]`	unaffected	generic	—
`[7.1-rc1,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that includes the Nouveau driver patch referenced in the provided commit logs
Reboot the system so the updated kernel and driver modules are loaded
If an updated kernel is not available, disable the Nouveau driver by adding "nouveau.modeset=0" to the boot parameters to prevent the leak until a patch is applied

Generated by OpenCVE AI on June 10, 2026 at 04:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6
https://git.kernel.org/stable/c/5edd564ccb002ffc830e7818c1c4a992db774678
https://git.kernel.org/stable/c/6597ff1d8de3f583be169587efeafd8af134e138
https://git.kernel.org/stable/c/843c0247cf21364e33bb5a8ffc9af57107d04d05
https://lore.kernel.org/linux-cve-announce/2026060913-CVE-2026-52904-cdce@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-52904
https://www.cve.org/CVERecord?id=CVE-2026-52904

History

Wed, 10 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-401

Wed, 10 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026060913-CVE-2026-52904-cdce@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-52904 https://www.cve.org/CVERecord?id=CVE-2026-52904

Tue, 09 Jun 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Tue, 09 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just allocated by nvkm_device_pci_new(). This leaks both the device wrapper and the pci_enable_device() reference taken inside it. Jump to the existing fail_nvkm label so nvkm_device_del() runs and balances both. The leak was introduced when the intermediate nvkm_device_del() between detection and aperture removal was dropped in favor of creating the pci device once.
Title		drm/nouveau: fix nvkm_device leak on aperture removal failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6 https://git.kernel.org/stable/c/5edd564ccb002ffc830e7818c1c4a992db774678 https://git.kernel.org/stable/c/6597ff1d8de3f583be169587efeafd8af134e138 https://git.kernel.org/stable/c/843c0247cf21364e33bb5a8ffc9af57107d04d05

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-09T12:36:01.237Z

Updated: 2026-06-09T12:36:01.237Z

Reserved: 2026-06-09T07:44:35.366Z

Link: CVE-2026-52904

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-09T14:16:44.830

Modified: 2026-06-09T14:16:44.830

Link: CVE-2026-52904

Redhat

Severity :

Publid Date: 2026-06-09T00:00:00Z

Links: CVE-2026-52904 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T05:00:15Z

Weaknesses

CWE-772

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object