{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23176", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.983Z", "datePublished": "2026-02-14T16:27:08.764Z", "dateUpdated": "2026-05-11T22:01:47.639Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:47.639Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/toshiba_haps.c"], "versions": [{"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "17f37c4cdf42a9e4915216b9e130fc8baef4cc64", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "5bce10f0f9435afaae3fc4df9a52b01d9b3853dc", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "f2093e87ddec13e7a920f326c078a5f765ba89c3", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "ca9ff71c15bc8e48529c2033294a519a7749b272", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "bf0474356875d005d420f8c6b9ac168566e72e87", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "f93ae43780b759a70734be9bc82c1adcf7f33208", "status": "affected", "versionType": "git"}, {"version": "23d0ba0c908ac10139f0351023c64198d7fc1409", "lessThan": "128497456756e1b952bd5a912cd073836465109d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/platform/x86/toshiba_haps.c"], "versions": [{"version": "3.17", "status": "affected"}, {"version": "0", "lessThan": "3.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.250", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.200", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.163", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.124", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.10.250"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "5.15.200"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.1.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.6.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64"}, {"url": "https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc"}, {"url": "https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3"}, {"url": "https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272"}, {"url": "https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87"}, {"url": "https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208"}, {"url": "https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d"}], "title": "platform/x86: toshiba_haps: Fix memory leaks in add/remove routines", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nplatform/x86: toshiba_haps: Corrige fugas de memoria en las rutinas de a\u00f1adir/eliminar\n\ntoshiba_haps_add() fuga el objeto haps asignado por ella si devuelve un error despu\u00e9s de asignar ese objeto con \u00e9xito.\n\ntoshiba_haps_remove() no libera el objeto apuntado por toshiba_haps antes de borrar ese puntero, por lo que se convierte en memoria asignada inalcanzable.\n\nAborda estas fugas de memoria utilizando devm_kzalloc() para asignar la memoria en cuesti\u00f3n."}], "id": "CVE-2026-23176", "lastModified": "2026-04-15T14:34:27.800", "metrics": {}, "published": "2026-02-14T17:15:55.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/128497456756e1b952bd5a912cd073836465109d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/17f37c4cdf42a9e4915216b9e130fc8baef4cc64"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5bce10f0f9435afaae3fc4df9a52b01d9b3853dc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bf0474356875d005d420f8c6b9ac168566e72e87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ca9ff71c15bc8e48529c2033294a519a7749b272"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f2093e87ddec13e7a920f326c078a5f765ba89c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f93ae43780b759a70734be9bc82c1adcf7f33208"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: platform/x86: toshiba_haps: Fix memory leaks in add/remove routines", "id": "2439881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439881"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question."], "name": "CVE-2026-23176", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23176\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23176\nhttps://lore.kernel.org/linux-cve-announce/2026021428-CVE-2026-23176-4baf@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,17f37c4cdf42a9e4915216b9e130fc8baef4cc64)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,5bce10f0f9435afaae3fc4df9a52b01d9b3853dc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,f2093e87ddec13e7a920f326c078a5f765ba89c3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,ca9ff71c15bc8e48529c2033294a519a7749b272)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,bf0474356875d005d420f8c6b9ac168566e72e87)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,f93ae43780b759a70734be9bc82c1adcf7f33208)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[23d0ba0c908ac10139f0351023c64198d7fc1409,128497456756e1b952bd5a912cd073836465109d)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.17"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.17)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.250,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.200,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.163,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.124,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.70,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:16:20.495431+00:00", "value": {"mitigation_remediation": ["Apply a kernel version that incorporates the devm_kzalloc allocation changes for toshiba_haps.", "If an updated kernel is not available, backport the patch manually from the commit references linked in the advisory.", "After applying the fix, perform a memory usage audit using tools such as top, vmstat, or dmesg, ensuring that no memory growth associated with the HAPS driver occurs over time.", "Keep the kernel up\u2011to\u2011date with vendor releases and monitor advisories for related memory exhaustion issues."], "summary": {"action": "Patch Update", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "Affected systems are Linux kernel instances that compile the x86 platform Toshiba HAPS driver. Any kernel version that includes the buggy implementation of toshiba_haps_add and toshiba_haps_remove is susceptible, regardless of distribution; the exact affected releases are not enumerated in the advisory.", "description_and_impact": "The vulnerability involves improper deallocation in the Toshiba HAPS module of the Linux kernel. If toshiba_haps_add() fails after allocating its haps object, the allocation is not freed, creating a leak. When toshiba_haps_remove() clears the pointer before freeing the object, that memory also becomes unreachable. These leaks accumulate over time, consuming kernel memory and can lead to a degradation of system performance or even a kernel out\u2011of\u2011memory condition, which may result in a denial\u2011of\u2011service. The weakness aligns with CWE\u2011401.", "risk_and_exploitability": "Risk is low exploitation probability: the EPSS score is below 1% and the vulnerability is not listed in CISA KEV. The bug is local, requiring access to the kernel to trigger the faulty routines, and there are no known remote exploits. The primary threat is accidental resource exhaustion as the bug is not user\u2011controllable, but a prolonged leak could lead to a denial\u2011of\u2011service scenario if the kernel runs out of memory."}}}}, "created": "2026-02-16T09:44:02.237151+00:00", "updated": "2026-04-18T12:30:45.447456+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}