{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23418", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.014Z", "datePublished": "2026-04-03T13:24:22.572Z", "dateUpdated": "2026-05-11T22:06:31.439Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:31.439Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Fix leak on xa_store failure\n\nFree the newly allocated entry when xa_store() fails to avoid a memory\nleak on the error path.\n\nv2: use goto fail_free. (Bala)\n\n(cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_reg_sr.c"], "versions": [{"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "05e3f01974d09d1b746dedf4144f708b5033e76f", "status": "affected", "versionType": "git"}, {"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "4f461da14c7b226d1c4c179ae69956ccb8e134e2", "status": "affected", "versionType": "git"}, {"version": "e5283bd4dfecbd3335f43b62a68e24dae23f59e4", "lessThan": "3091723785def05ebfe6a50866f87a044ae314ba", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/xe/xe_reg_sr.c"], "versions": [{"version": "6.14", "status": "affected"}, {"version": "0", "lessThan": "6.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/05e3f01974d09d1b746dedf4144f708b5033e76f"}, {"url": "https://git.kernel.org/stable/c/4f461da14c7b226d1c4c179ae69956ccb8e134e2"}, {"url": "https://git.kernel.org/stable/c/3091723785def05ebfe6a50866f87a044ae314ba"}], "title": "drm/xe/reg_sr: Fix leak on xa_store failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C726C48-356A-4304-8BC9-6D68C8757131", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.14.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:-:*:*:*:*:*:*", "matchCriteriaId": "7DE421BA-0600-4401-A175-73CAB6A6FB4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/reg_sr: Fix leak on xa_store failure\n\nFree the newly allocated entry when xa_store() fails to avoid a memory\nleak on the error path.\n\nv2: use goto fail_free. (Bala)\n\n(cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb)"}], "id": "CVE-2026-23418", "lastModified": "2026-04-24T15:21:40.603", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T14:16:27.713", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/05e3f01974d09d1b746dedf4144f708b5033e76f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3091723785def05ebfe6a50866f87a044ae314ba"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f461da14c7b226d1c4c179ae69956ccb8e134e2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/xe/reg_sr: Fix leak on xa_store failure", "id": "2454776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454776"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel. This memory leak vulnerability occurs when the `xa_store()` function fails to store a newly allocated entry, leading to the entry not being freed. An attacker could potentially exploit this flaw to exhaust system memory, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23418", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23418\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23418\nhttps://lore.kernel.org/linux-cve-announce/2026040301-CVE-2026-23418-3cf7@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,05e3f01974d09d1b746dedf4144f708b5033e76f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,4f461da14c7b226d1c4c179ae69956ccb8e134e2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e5283bd4dfecbd3335f43b62a68e24dae23f59e4,3091723785def05ebfe6a50866f87a044ae314ba)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T21:52:35.098275+00:00", "value": {"mitigation_remediation": ["Apply the kernel patch that implements commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb, which frees the allocated entry on xa_store failure.", "Upgrade to a kernel version that includes this fix if a direct patch is not available.", "Verify kernel stability after the update in a staging environment before deploying to production."], "summary": {"action": "Apply Patch", "impact": "Memory Leak leading to potential resource exhaustion"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that include the drm/xe/reg_sr subsystem without the commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb are affected. Kernels built from upstream Linux prior to this commit lack the fix.", "description_and_impact": "The vulnerability is a memory leak in the DRM\u202fXe component of the Linux kernel. When the xa_store operation fails, the newly allocated data structure is not released, allowing successive allocations until system memory is exhausted. This flaw is a memory leak (CWE\u2011401) caused by a missing release in the critical path (CWE\u2011772). The impact is the degradation or loss of service due to resource exhaustion, but it does not provide direct code execution or privilege escalation.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity because the flaw compromises availability by exhausting memory resources due to a memory leak (CWE\u2011401) and missing release (CWE\u2011772). Its EPSS score of less than 1\u202f% and absence from the CISA KEV catalog imply a low likelihood of exploitation. Based on the description, it is inferred that an attacker would need local privileges and access to DRM\u202fXe operations, possibly via graphical rendering or privileged container environments. Given the need for kernel\u2011level interaction and the low exploitation probability, the risk is moderate but warrants prompt patching and monitoring."}}}}, "created": "2026-04-03T21:14:21.353637+00:00", "updated": "2026-04-28T22:00:14.133418+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}