{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23065", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.953Z", "datePublished": "2026-02-04T16:07:47.077Z", "dateUpdated": "2026-05-11T21:59:19.347Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:19.347Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix memory leak in wbrf_record()\n\nThe tmp buffer is allocated using kcalloc() but is not freed if\nacpi_evaluate_dsm() fails. This causes a memory leak in the error path.\n\nFix this by explicitly freeing the tmp buffer in the error handling\npath of acpi_evaluate_dsm()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/amd/wbrf.c"], "versions": [{"version": "58e82a62669da52e688f4a8b89922c1839bf1001", "lessThan": "1152dffe01af86e42ce2b208b92ef7f8c275d130", "status": "affected", "versionType": "git"}, {"version": "58e82a62669da52e688f4a8b89922c1839bf1001", "lessThan": "1a0072bd1f1e559eda3e91a24dbc51c9eb025c54", "status": "affected", "versionType": "git"}, {"version": "58e82a62669da52e688f4a8b89922c1839bf1001", "lessThan": "2bf1877b7094c684e1d652cac6912cfbc507ad3e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/amd/wbrf.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1152dffe01af86e42ce2b208b92ef7f8c275d130"}, {"url": "https://git.kernel.org/stable/c/1a0072bd1f1e559eda3e91a24dbc51c9eb025c54"}, {"url": "https://git.kernel.org/stable/c/2bf1877b7094c684e1d652cac6912cfbc507ad3e"}], "title": "platform/x86/amd: Fix memory leak in wbrf_record()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDF8DE38-8295-4104-AC61-A15E697A9B3C", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/amd: Fix memory leak in wbrf_record()\n\nThe tmp buffer is allocated using kcalloc() but is not freed if\nacpi_evaluate_dsm() fails. This causes a memory leak in the error path.\n\nFix this by explicitly freeing the tmp buffer in the error handling\npath of acpi_evaluate_dsm()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad:\n\nplatform/x86/amd: Correcci\u00f3n de fuga de memoria en wbrf_record()\n\nEl b\u00fafer tmp se asigna usando kcalloc() pero no se libera si acpi_evaluate_dsm() falla. Esto provoca una fuga de memoria en la ruta de error.\n\nEsto se soluciona liberando expl\u00edcitamente el b\u00fafer tmp en la ruta de manejo de errores de acpi_evaluate_dsm()."}], "id": "CVE-2026-23065", "lastModified": "2026-03-13T21:27:57.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:17.207", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1152dffe01af86e42ce2b208b92ef7f8c275d130"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1a0072bd1f1e559eda3e91a24dbc51c9eb025c54"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2bf1877b7094c684e1d652cac6912cfbc507ad3e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: platform/x86/amd: Fix memory leak in wbrf_record()", "id": "2436752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436752"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23065", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23065\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23065\nhttps://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23065-f6ae@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T20:09:37.699865+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to the latest mainline stable release that includes the fix.", "If an immediate upgrade is not possible, reduce the likelihood of the error path by disabling ACPI devices or functionality that invoke acpi_evaluate_dsm().", "Monitor kernel memory usage for unexpected growth and apply the patch when anomalous patterns are observed."], "summary": {"action": "Apply patch", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "The issue applies to Linux kernel 6.19 release\u2011candidate builds from rc1 through rc6. Any kernel that includes the legacy wbrf_record() implementation in that series is vulnerable until the patch that frees the buffer on failure is applied. The CVE does not state whether later stable releases contain the fix, so users cannot assume that simply running a newer kernel automatically resolves the issue.", "description_and_impact": "The kernel\u2019s wbrf_record() routine allocates a temporary buffer with kcalloc() but fails to free it when acpi_evaluate_dsm() encounters an error. This defect causes kernel memory to grow without bound on repeated failures, constituting a classic memory\u2011leak scenario (CWE\u2011401).", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of real\u2011world exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. The risk manifests when acpi_evaluate_dsm() repeatedly fails, allowing an attacker or system instability to drain kernel memory and potentially degrade performance or availability. No explicit exploitation path or privilege level is provided in the CVE description, so the threat is limited to the memory\u2011leak effect itself."}}}}, "created": "2026-04-18T20:15:09.549650+00:00", "updated": "2026-04-18T20:15:09.549662+00:00", "vendors": []}