{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23028", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.942Z", "datePublished": "2026-01-31T11:42:06.984Z", "dateUpdated": "2026-05-11T21:58:36.566Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:36.566Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_ipi_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/ipi.c"], "versions": [{"version": "c532de5a67a70f8533d495f8f2aaa9a0491c3ad0", "lessThan": "5defcc2f9c22e6e09b5be68234ad10f4ba0292b7", "status": "affected", "versionType": "git"}, {"version": "c532de5a67a70f8533d495f8f2aaa9a0491c3ad0", "lessThan": "0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/loongarch/kvm/intc/ipi.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5defcc2f9c22e6e09b5be68234ad10f4ba0292b7"}, {"url": "https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21"}], "title": "LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()\n\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_ipi_destroy() is not currently doing this, that\nwould lead to a memory leak.\n\nSo, fix it."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nLoongArch: KVM: Correcci\u00f3n de fuga de kvm_device en kvm_ipi_destroy()\n\nEn kvm_ioctl_create_device(), kvm_device ha asignado memoria,\nkvm_device->destroy() parece que deber\u00eda liberar su estructura kvm_device,\npero kvm_ipi_destroy() no est\u00e1 haciendo esto actualmente, lo que\nllevar\u00eda a una fuga de memoria.\n\nAs\u00ed que, corr\u00edgelo."}], "id": "CVE-2026-23028", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-31T12:16:06.120", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5defcc2f9c22e6e09b5be68234ad10f4ba0292b7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()", "id": "2435669", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435669"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nLoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()\nIn kvm_ioctl_create_device(), kvm_device has allocated memory,\nkvm_device->destroy() seems to be supposed to free its kvm_device\nstruct, but kvm_ipi_destroy() is not currently doing this, that\nwould lead to a memory leak.\nSo, fix it."], "name": "CVE-2026-23028", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23028\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23028\nhttps://lore.kernel.org/linux-cve-announce/2026013120-CVE-2026-23028-4942@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T00:55:13.238986+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the kvm_ipi_destroy() memory leak fix from the Linux kernel branch.", "If a kernel update is not possible, manually apply the patch from the Linux kernel git repository and rebuild the kernel.", "Reboot the system to load the patched kernel and verify that the memory leak no longer occurs."], "summary": {"action": "Apply Patch", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "All installations of the Linux kernel that include the LoongArch KVM subsystem, prior to the patch that corrects kvm_ipi_destroy(). The CNA lists the affected vendor as Linux. No specific kernel versions are enumerated in the advisory; thus any kernel with the uncorrected code may be impacted.", "description_and_impact": "The vulnerability occurs in the Linux kernel when a kvm_device is created via kvm_ioctl_create_device(). The destroy function is expected to free the kvm_device structure, but kvm_ipi_destroy() does not perform the deallocation, creating a memory leak. The affected component is the LoongArch KVM implementation. Attacking this flaw cannot directly compromise confidentiality or integrity, but repeated exploitation could exhaust memory resources, potentially affecting stability and availability.", "risk_and_exploitability": "The EPSS score is less than 1\u202f% and the issue is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation in the wild. The flaw does not provide a remote code execution or privilege escalation vector; its exploitation requires repeated interactions with the KVM API, typically from a guest or privileged user. The impact remains limited to resource exhaustion rather than a direct compromise."}}}}, "created": "2026-04-18T01:00:11.630080+00:00", "updated": "2026-04-18T01:00:11.630097+00:00", "vendors": [], "weaknesses": ["CWE-401"]}