{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23027", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.941Z", "datePublished": "2026-01-31T11:42:06.183Z", "dateUpdated": "2026-05-11T21:58:35.391Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:35.391Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_pch_pic_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/pch_pic.c"], "versions": [{"version": "e785dfacf7e7fe94370fa0e8e3ff1bc8fe179831", "lessThan": "fc53a66227af08d868face4b33fa8b2e1ba187ed", "status": "affected", "versionType": "git"}, {"version": "e785dfacf7e7fe94370fa0e8e3ff1bc8fe179831", "lessThan": "1cf342a7c3adc5877837b53bbceb5cc9eff60bbf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/pch_pic.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fc53a66227af08d868face4b33fa8b2e1ba187ed"}, {"url": "https://git.kernel.org/stable/c/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf"}], "title": "LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_pch_pic_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nLoongArch: KVM: Correcci\u00f3n de la fuga de kvm_device en kvm_pch_pic_destroy()\n\nEn kvm_ioctl_create_device(), kvm_device ha asignado memoria,\nkvm_device->destroy() parece que deber\u00eda liberar su estructura kvm_device, pero kvm_pch_pic_destroy() no est\u00e1 haciendo esto actualmente, lo que llevar\u00eda a una fuga de memoria.\n\nPor lo tanto, se corrige."}], "id": "CVE-2026-23027", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-31T12:16:06.020", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fc53a66227af08d868face4b33fa8b2e1ba187ed"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()", "id": "2435645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435645"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nLoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_pch_pic_destroy() is not currently doing this, that\nwould lead to a memory leak.\nSo, fix it."], "name": "CVE-2026-23027", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23027\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23027\nhttps://lore.kernel.org/linux-cve-announce/2026013119-CVE-2026-23027-119a@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T18:38:43.448389+00:00", "value": {"mitigation_remediation": ["Update the kernel to the latest release that incorporates the commit fixing kvm_pch_pic_destroy() in the LoongArch KVM subsystem. The patch is available in the upstream Linux kernel source and is referenced by the advisory.", "If a kernel upgrade is unavailable, restrict the creation and repeated destruction of LoongArch KVM devices by limiting user privileges or applying cgroup-based memory limits on virtual machine processes.", "Continuously monitor system memory usage and the number of active KVM devices; if memory growth or a high count of orphaned devices is detected, reboot the kernel or isolate the affected VMs to prevent resource exhaustion."], "summary": {"action": "Apply Patch", "impact": "Resource Exhaustion via Memory Leak"}, "threat_synthesis": {"affected_systems": "Affected systems are Linux kernel builds that include the KVM module for the LoongArch architecture. The vulnerability applies specifically to LoongArch-enabled kernels; vendor and version information is not enumerated in the CNA data, so any kernel with the KVM module that has not yet incorporated the upstream fix is susceptible.", "description_and_impact": "The vulnerability resides in the LoongArch KVM implementation of the Linux kernel. During device creation, the kernel allocates a kvm_device structure but does not release that memory when the device is destroyed, leading to a memory leak. The impact is a gradual accumulation of orphaned memory that can exhaust system resources, potentially resulting in degraded performance or denial of service if the leak persists for enough time.", "risk_and_exploitability": "The CVSS score is not provided, but the EPSS score is below 1\u202f%, indicating a very low probability of exploitation under normal conditions. The vulnerability is not listed in CISA\u2019s KEV catalog, underscoring that it has not been linked to known exploit activity. The likely attack path requires an attacker to create and delete a KVM device on a LoongArch system, which is an operation typically performed by privileged users or within the context of VM management. Because no remote trigger is described, exploitation would be limited to environments where the attacker can control the creation of virtual devices or repeatedly alter the resource usage of a target system to provoke a memory exhaustion scenario."}}}}, "created": "2026-04-18T18:45:05.755431+00:00", "updated": "2026-04-18T18:45:05.755440+00:00", "vendors": [], "weaknesses": ["CWE-399", "CWE-401"]}