{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23430", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.016Z", "datePublished": "2026-04-03T15:15:16.687Z", "dateUpdated": "2026-05-11T22:06:45.354Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:06:45.354Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Don't overwrite KMS surface dirty tracker\n\nWe were overwriting the surface's dirty tracker here causing a memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "versions": [{"version": "965544150d1cadf0e8f5bb6c13c19697e46e1429", "lessThan": "3f300a41a3668095688aa4551214e8080829fa93", "status": "affected", "versionType": "git"}, {"version": "965544150d1cadf0e8f5bb6c13c19697e46e1429", "lessThan": "354c8bbf8d1e4aa61e580dbe160591feda504e4f", "status": "affected", "versionType": "git"}, {"version": "965544150d1cadf0e8f5bb6c13c19697e46e1429", "lessThan": "c6cb77c474a32265e21c4871c7992468bf5e7638", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/vmwgfx/vmwgfx_kms.c"], "versions": [{"version": "6.16", "status": "affected"}, {"version": "0", "lessThan": "6.16", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.16", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3f300a41a3668095688aa4551214e8080829fa93"}, {"url": "https://git.kernel.org/stable/c/354c8bbf8d1e4aa61e580dbe160591feda504e4f"}, {"url": "https://git.kernel.org/stable/c/c6cb77c474a32265e21c4871c7992468bf5e7638"}], "title": "drm/vmwgfx: Don't overwrite KMS surface dirty tracker", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "61FC01B0-29A5-4652-8685-D9849FD5D596", "versionEndExcluding": "6.18.20", "versionStartIncluding": "6.16.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D34333-38BE-4414-9E79-6EB764329581", "versionEndExcluding": "6.19.10", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*", "matchCriteriaId": "6238B17D-C12B-458F-A138-97039BFC4595", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Don't overwrite KMS surface dirty tracker\n\nWe were overwriting the surface's dirty tracker here causing a memory leak."}], "id": "CVE-2026-23430", "lastModified": "2026-04-23T21:03:36.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T16:16:24.357", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/354c8bbf8d1e4aa61e580dbe160591feda504e4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3f300a41a3668095688aa4551214e8080829fa93"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c6cb77c474a32265e21c4871c7992468bf5e7638"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: drm/vmwgfx: Don't overwrite KMS surface dirty tracker", "id": "2454815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454815"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel, specifically within the `drm/vmwgfx` component. This vulnerability occurs when the kernel incorrectly overwrites the Kernel Mode Setting (KMS) surface dirty tracker. This error leads to a memory leak, which can degrade system performance and potentially cause system instability over an extended period."], "name": "CVE-2026-23430", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23430\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23430\nhttps://lore.kernel.org/linux-cve-announce/2026040310-CVE-2026-23430-8d4a@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[965544150d1cadf0e8f5bb6c13c19697e46e1429,3f300a41a3668095688aa4551214e8080829fa93)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[965544150d1cadf0e8f5bb6c13c19697e46e1429,354c8bbf8d1e4aa61e580dbe160591feda504e4f)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[965544150d1cadf0e8f5bb6c13c19697e46e1429,c6cb77c474a32265e21c4871c7992468bf5e7638)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.16)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-29T00:35:04.895972+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that incorporates the vmwgfx patch (commit 354c8bbf8d1e4aa61e580dbe160591feda504e4f or later).", "Reboot the system after applying the update to ensure the patched driver is loaded.", "Monitor system memory usage for abnormal growth; if memory consumption remains high, consider rebooting again or applying the update once available."], "summary": {"action": "Apply Patch", "impact": "Memory Leak via Overwritten KMS Surface Dirty Tracker"}, "threat_synthesis": {"affected_systems": "Linux kernel distributions running version 6.16 or any of the 7.0 release candidates (RC1\u2013RC7) that have not yet incorporated the patch that fixes the vmwgfx driver bug are affected. Users of any other kernel releases that include the buggy code without the fix are also vulnerable.", "description_and_impact": "The vulnerability originates in the DRM/VMwgfx driver of the Linux kernel where the surface's dirty tracker is overwritten, causing a memory leak. The leak can gradually consume free memory, which may degrade system performance. It is inferred from typical memory\u2011leak behavior that a severe case could lead to a local denial of service, but the CVE description does not explicitly mention this outcome. The weakness is specified by CWE\u2011401 and CWE\u2011911, indicating a memory\u2011management flaw and a logical flaw that can result in memory corruption.", "risk_and_exploitability": "The CVSS score of 5.5 reflects a moderate risk. The EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. No publicly documented remote exploitation path is provided; the impact appears limited to local memory exhaustion. Exploitation would require triggering the code that overwrites the dirty tracker, which is typically a local action."}}}}, "created": "2026-04-03T21:14:07.870766+00:00", "updated": "2026-04-29T00:45:26.157574+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}