{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23426", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:34.276Z", "dateUpdated": "2026-05-11T22:06:40.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:40.703Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()\n\nThe logicvc_drm_config_parse() function calls of_get_child_by_name() to\nfind the \"layers\" node but fails to release the reference, leading to a\ndevice node reference leak.\n\nFix this by using the __free(device_node) cleanup attribute to automatic\nrelease the reference when the variable goes out of scope."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/logicvc/logicvc_drm.c"], "versions": [{"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "b88f49910be147b7974098b9172b0d3873142d6a", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "0bd326dffd9e103335d77d9c31275c0d5a7979eb", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "871630255ecd2d9b64ad1d75a7dfc0567d7d9989", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "f8a6eba20edb938166b26e133cc61306e1bc6de9", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "78e91e49d28e05ccaa6b445bafb5e367d57c9583", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/logicvc/logicvc_drm.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a"}, {"url": "https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb"}, {"url": "https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989"}, {"url": "https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9"}, {"url": "https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583"}, {"url": "https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207"}], "title": "drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "72B24488-A57B-4D9C-A7EA-A6020518455B", "versionEndExcluding": "6.1.167", "versionStartIncluding": "6.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267", "versionEndExcluding": "6.6.130", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*", "matchCriteriaId": "7BE551E5-89CF-47A8-9B26-03CE727FBA37", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()\n\nThe logicvc_drm_config_parse() function calls of_get_child_by_name() to\nfind the \"layers\" node but fails to release the reference, leading to a\ndevice node reference leak.\n\nFix this by using the __free(device_node) cleanup attribute to automatic\nrelease the reference when the variable goes out of scope."}], "id": "CVE-2026-23426", "lastModified": "2026-04-23T21:04:06.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T14:16:28.890", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()", "id": "2454777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454777"}, "csaw": false, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel's `drm/logicvc` component. The `logicvc_drm_config_parse()` function, when processing device configurations, fails to properly release a reference to a device node. This oversight leads to a device node reference leak, which can result in resource exhaustion over time and potentially lead to a Denial of Service (DoS) condition."], "name": "CVE-2026-23426", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23426\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23426\nhttps://lore.kernel.org/linux-cve-announce/2026040305-CVE-2026-23426-4c05@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,b88f49910be147b7974098b9172b0d3873142d6a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,0bd326dffd9e103335d77d9c31275c0d5a7979eb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,871630255ecd2d9b64ad1d75a7dfc0567d7d9989)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,f8a6eba20edb938166b26e133cc61306e1bc6de9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,78e91e49d28e05ccaa6b445bafb5e367d57c9583)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T01:57:21.618416+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that incorporates the logicvc reference\u2011release fix.", "Apply the specific upstream commit (e.g., commit 0bd326dffd9e1033) that fixes the reference leak, or backport the patch to your kernel.", "Disable the logicvc DRM driver or remove it from the kernel configuration to prevent the function from being invoked."], "summary": {"action": "Apply Patch", "impact": "Device node reference leak in Linux kernel DRM logicvc driver"}, "threat_synthesis": {"affected_systems": "Systems running the Linux kernel v6.0 or any 7.0 release candidate (rc1 through rc7) that include the logicvc DRM driver are affected. The vulnerability is present in all builds of these kernel releases that have not incorporated the upstream fix.", "description_and_impact": "The logicvc_drm_config_parse() function in the Linux kernel\u2019s DRM logicvc driver retrieves a device node named \"layers\" by calling of_get_child_by_name(), but the function fails to release the reference to this node. This omission creates a device node reference leak, which is a form of resource management flaw identified as CWE\u2011911. The leak may cause kernel memory or object references to accumulate over time if the function is invoked repeatedly.", "risk_and_exploitability": "To trigger the leak, an attacker would need to cause the kernel to execute logicvc_drm_config_parse() by providing a DRM configuration that references a device node named \"layers\" or by manipulating the device tree. The likely attack vector is local and requires elevated privileges, as configuring the DRM subsystem typically demands administrative access. Based on the CVSS score of 5.5 and an EPSS score of less than 1\u202f%, the overall risk is moderate, but exploitation probability is low. The vulnerability is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-03T21:14:12.836698+00:00", "updated": "2026-04-29T02:00:27.278959+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}