{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23096", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.964Z", "datePublished": "2026-02-04T16:08:18.785Z", "dateUpdated": "2026-05-11T21:59:55.485Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:55.485Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix cdev handling in the cleanup path\n\nWhen cdev_device_add fails, it internally releases the cdev memory,\nand if cdev_device_del is then executed, it will cause a hang error.\nTo fix it, we check the return value of cdev_device_add() and clear\nuacce->cdev to avoid calling cdev_device_del in the uacce_remove."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/uacce/uacce.c"], "versions": [{"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "c94c7188d325bc5137d447d67a2f18f7d4f2f4a3", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "1bc3e51367c420e6db31f41efa874c7a8e12194a", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "819d647406200d0e83e56fd2df8f451b11290559", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "d9031575a2f8aabc53af3025dd79af313a2e046b", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "98d67a1bd6caddd0a8b8c82a0b925742cf500936", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "bd2393ed7712513e7e2dbcb6e21464a67ff9e702", "status": "affected", "versionType": "git"}, {"version": "015d239ac0142ad0e26567fd890ef8d171f13709", "lessThan": "a3bece3678f6c88db1f44c602b2a63e84b4040ac", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/uacce/uacce.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.7", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3"}, {"url": "https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a"}, {"url": "https://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559"}, {"url": "https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af313a2e046b"}, {"url": "https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936"}, {"url": "https://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702"}, {"url": "https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e84b4040ac"}], "title": "uacce: fix cdev handling in the cleanup path", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B635197-F169-4155-A953-A712BDD15376", "versionEndExcluding": "5.10.249", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix cdev handling in the cleanup path\n\nWhen cdev_device_add fails, it internally releases the cdev memory,\nand if cdev_device_del is then executed, it will cause a hang error.\nTo fix it, we check the return value of cdev_device_add() and clear\nuacce->cdev to avoid calling cdev_device_del in the uacce_remove."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nuacce: correcci\u00f3n del manejo de cdev en la ruta de limpieza\n\nCuando cdev_device_add falla, libera internamente la memoria de cdev, y si cdev_device_del se ejecuta entonces, causar\u00e1 un error de bloqueo. Para solucionarlo, verificamos el valor de retorno de cdev_device_add() y borramos uacce->cdev para evitar llamar a cdev_device_del en uacce_remove."}], "id": "CVE-2026-23096", "lastModified": "2026-03-18T13:29:58.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:20.473", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e84b4040ac"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af313a2e046b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: uacce: fix cdev handling in the cleanup path", "id": "2436797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436797"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23096", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23096\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23096\nhttps://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23096-e5af@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-17T23:33:20.311063+00:00", "value": {"mitigation_remediation": ["Deploy a Linux kernel update that incorporates the fix from commit 1bc3e51367c\u2026", "Until the kernel update can be applied, prevent the deployment or unloading of the uacce driver to avoid triggering the bug", "Continuously monitor system stability for kernel hangs and apply any subsequent kernel patches as they become available"], "summary": {"action": "Patch Now", "impact": "Kernel hang / Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects Linux kernel versions that include the uacce driver with the buggy cleanup logic. Known affected releases are Linux kernel 6.19 Release Candidate 1 through RC6. It is likely that other kernel releases built before the patch commit are also vulnerable, but no further specific version information is available.", "description_and_impact": "In the Linux kernel, a bug in the uacce device driver\u2019s cleanup logic can cause the system to freeze when a failure in cdev_device_add is not handled properly. Specifically, if cdev_device_add fails, the driver internally frees cdev memory, and a subsequent call to cdev_device_del in the cleanup routine attempts to delete a freed object, resulting in a hang error. This flaw may be exploited by code that triggers the driver\u2019s load or unload sequence, leading to local denial of service.", "risk_and_exploitability": "The CVSS score is 5.5, indicating moderate severity, while the EPSS score is below 1 percent, showing a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring an attacker to run or load the vulnerable uacce driver on the affected system. If the flaw is triggered, the kernel will hang, causing a denial of service until the system is rebooted or the driver is unloaded."}}}}, "created": "2026-04-17T23:45:25.808485+00:00", "updated": "2026-04-17T23:45:25.808495+00:00", "vendors": [], "weaknesses": ["CWE-416"]}