{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23360", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.001Z", "datePublished": "2026-03-25T10:27:43.892Z", "dateUpdated": "2026-05-11T22:05:21.869Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:21.869Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\")."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/core.c"], "versions": [{"version": "ff037b5f47eeccc1636c03f84cd47db094eb73c9", "lessThan": "089a6f17881a82c6c6e05f8564a867be0767eade", "status": "affected", "versionType": "git"}, {"version": "4896491c497226022626c3acc46044fd182f943c", "lessThan": "6e28bab900e40e4d610b04f9f82e01983d8fb356", "status": "affected", "versionType": "git"}, {"version": "a505f0ba36ab24176c300d7ff56aff85c2977e6c", "lessThan": "2efbc838a26d3da72d8fe05770bdf869d4ca3ac5", "status": "affected", "versionType": "git"}, {"version": "e8061d02b49c5c901980f58d91e96580e9a14acf", "lessThan": "64f87b96de0e645a4c066c7cffd753f334446db6", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "e159eb852aeee95443a9458ecb7d072bbb689913", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f", "status": "affected", "versionType": "git"}, {"version": "03b3bcd319b3ab5182bc9aaa0421351572c78ac0", "lessThan": "b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d", "status": "affected", "versionType": "git"}, {"version": "e7dac681790556c131854b97551337aa8042215b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/nvme/host/core.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.131", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.167", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.120", "versionEndExcluding": "6.6.131"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.62", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.17.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade"}, {"url": "https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356"}, {"url": "https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5"}, {"url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"}, {"url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"}, {"url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"}, {"url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"}], "title": "nvme: fix admin queue leak on controller reset", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A5BC13A-216B-45C3-A63E-D66C3FECFE85", "versionEndExcluding": "6.6.131", "versionStartIncluding": "6.6.120", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F861E4B9-708D-4A3E-9295-278B155F4550", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.12.62", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FCE186E-ED64-4D23-A6C7-327D3D61F135", "versionEndExcluding": "6.18", "versionStartIncluding": "6.17.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07E9D8CD-82F0-4CC6-8038-BF71758D583C", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.18.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.167:*:*:*:*:*:*:*", "matchCriteriaId": "B898A4FB-4E74-40F7-B523-B71FFB681B6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*", "matchCriteriaId": "DCE57113-2223-4308-A0F2-5E6ECFBB3C23", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme: fix admin queue leak on controller reset\n\nWhen nvme_alloc_admin_tag_set() is called during a controller reset,\na previous admin queue may still exist. Release it properly before\nallocating a new one to avoid orphaning the old queue.\n\nThis fixes a regression introduced by commit 03b3bcd319b3 (\"nvme: fix\nadmin request_queue lifetime\")."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnvme: corrige la fuga de la cola de administraci\u00f3n al reiniciar el controlador\n\nCuando se llama a nvme_alloc_admin_tag_set() durante un reinicio del controlador, una cola de administraci\u00f3n anterior a\u00fan puede existir. Lib\u00e9rela correctamente antes de asignar una nueva para evitar dejar hu\u00e9rfana la cola antigua.\n\nEsto corrige una regresi\u00f3n introducida por el commit 03b3bcd319b3 ('nvme: corrige la vida \u00fatil de request_queue de administraci\u00f3n')."}], "id": "CVE-2026-23360", "lastModified": "2026-04-24T18:59:28.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:34.907", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/089a6f17881a82c6c6e05f8564a867be0767eade"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2efbc838a26d3da72d8fe05770bdf869d4ca3ac5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/64f87b96de0e645a4c066c7cffd753f334446db6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6e28bab900e40e4d610b04f9f82e01983d8fb356"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e159eb852aeee95443a9458ecb7d072bbb689913"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: nvme: fix admin queue leak on controller reset", "id": "2451198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451198"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's Non-Volatile Memory Express (NVMe) subsystem. When an NVMe controller is reset, a previously allocated administration queue may not be properly released before a new one is created. This can lead to the old queue becoming orphaned, potentially causing resource exhaustion or system instability over time."], "name": "CVE-2026-23360", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23360\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23360\nhttps://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23360-c464@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e8061d02b49c5c901980f58d91e96580e9a14acf,64f87b96de0e645a4c066c7cffd753f334446db6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,e159eb852aeee95443a9458ecb7d072bbb689913)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[03b3bcd319b3ab5182bc9aaa0421351572c78ac0,b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "ff037b5f47eeccc1636c03f84cd47db094eb73c9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "a505f0ba36ab24176c300d7ff56aff85c2977e6c"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "e7dac681790556c131854b97551337aa8042215b"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T17:04:50.220892+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version containing the commit that fixes the admin queue leak (e.g., post-commit 03b3bcd319b3).", "If an immediate kernel upgrade is infeasible, consider disabling the NVMe driver temporarily or ensuring that controller resets are performed only during maintenance windows to limit the impact.", "Disable automatic NVMe controller resets on production systems until the kernel patch is applied to prevent the leak from occurring during regular operation."], "summary": {"action": "Update kernel", "impact": "Admin queue resource leak leading to potential denial of service and kernel instability"}, "threat_synthesis": {"affected_systems": "The flaw affects all Linux kernel implementations that use the NVMe driver prior to the introduction of the fix. The specific kernel version ranges are not enumerated in the available data, but any kernel build lacking the patch is vulnerable.", "description_and_impact": "The kernel bug causes the admin queue allocated during a controller reset to be orphaned instead of properly released, resulting in a resource leak. The resulting unreleased memory can accumulate, degrading system performance or leading to a denial of service. This vulnerability is categorized under CWE-401 and CWE-772, reflecting improper resource management.", "risk_and_exploitability": "The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog, implying it is not widely exploited in the wild. Exploitation would likely require local access or elevated privileges that enable interaction with NVMe controller reset commands. The attack vector, inferred from the description, would involve a privileged user resetting the NVMe controller and triggering the leak, potentially leading to resource exhaustion over time."}}}}, "created": "2026-03-25T21:31:55.656291+00:00", "updated": "2026-04-28T17:15:21.237073+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}