{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23079", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.959Z", "datePublished": "2026-02-04T16:08:04.190Z", "dateUpdated": "2026-05-11T21:59:35.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:35.698Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()\n\nOn error handling paths, lineinfo_changed_notify() doesn't free the\nallocated resources which results leaks. Fix it."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpio/gpiolib-cdev.c"], "versions": [{"version": "d4cd0902c156b2ca60fdda8cd8b5bcb4b0e9ed64", "lessThan": "16414341b0dd58b650b5df45c79115bc5977bb76", "status": "affected", "versionType": "git"}, {"version": "d4cd0902c156b2ca60fdda8cd8b5bcb4b0e9ed64", "lessThan": "70b3c280533167749a8f740acaa8ef720f78f984", "status": "affected", "versionType": "git"}, {"version": "dccc6daa8afa0f64c432e4c867f275747e3415e1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpio/gpiolib-cdev.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc5977bb76"}, {"url": "https://git.kernel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984"}], "title": "gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC4D9A16-72F2-4CA3-A8F5-80DD12FD7626", "versionEndExcluding": "6.18", "versionStartIncluding": "6.17.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB9AFB04-76D6-4A78-8476-60E0CC207B77", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.18.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*", "matchCriteriaId": "DCE57113-2223-4308-A0F2-5E6ECFBB3C23", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.18:rc7:*:*:*:*:*:*", "matchCriteriaId": "38C4D89F-9A13-4D29-8645-C9785C142C07", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()\n\nOn error handling paths, lineinfo_changed_notify() doesn't free the\nallocated resources which results leaks. Fix it."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ngpio: cdev: Corregir fugas de recursos ante errores en lineinfo_changed_notify()\n\nEn las rutas de manejo de errores, lineinfo_changed_notify() no libera los recursos asignados, lo que provoca fugas. Corregirlo."}], "id": "CVE-2026-23079", "lastModified": "2026-03-18T13:51:51.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:18.643", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc5977bb76"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()", "id": "2436764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436764"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23079", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23079\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23079\nhttps://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23079-bb7e@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-17T23:37:54.270183+00:00", "value": {"mitigation_remediation": ["Upgrade the system to a Linux kernel version that contains the lineinfo_changed_notify() memory leak fix, such as the latest stable release of 6.18 or beyond.", "If a suitable kernel update is not immediately available, backport the specific commit identified in the kernel maintainer\u2019s references (see Git commits in the provided links) to the running kernel.", "Continuously monitor kernel update channels and security advisories for new patches that address this issue, and apply them promptly when they become available."], "summary": {"action": "Patch", "impact": "Memory Leak (potential DoS)"}, "threat_synthesis": {"affected_systems": "This issue affects the Linux kernel, specifically version 6.18 and the 6.19 release candidates 1 through 6. The vulnerability is present in the core gpio:cdev subsystem. Systems running these kernel releases are vulnerable until the indicated fix is incorporated.", "description_and_impact": "In the Linux kernel, the function lineinfo_changed_notify() fails to release allocated resources when encountering errors, leading to memory leaks. This flaw is a classic example of improper memory deallocation (CWE-401) and could cause a gradual exhaustion of kernel memory, resulting in system instability or denial of service. The vulnerability does not grant any privilege escalation or data exposure, but the impact on long-running systems could be significant if the error paths are repeatedly triggered.", "risk_and_exploitability": "The CVSS score of 5.5 categorizes the risk as medium, and the EPSS score of less than 1% indicates that exploitation is considered unlikely at present. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack vector appears to be local, requiring code execution within the kernel to trigger the error handling path that leaks memory. No publicly available exploit has been documented."}}}}, "created": "2026-04-17T23:45:25.810750+00:00", "updated": "2026-04-17T23:45:25.810760+00:00", "vendors": []}