Improper Resource Shutdown or Release in Linux kernel - CVE-2026-23350

 

Improper Resource Shutdown or Release in Linux kernel - CVE-2026-23350

Published: March 25, 2026


Vulnerability identifier: #VU124493
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23350
CWE-ID: CWE-404
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource shutdown or release in the drm/xe/queue component when initializing an execution queue. A local user can trigger a failure during queue creation, leading to improper finalization and resource deallocation, which results in a denial of service.

Failure to properly finalize the execution queue on initialization failure leads to invalid memory references due to incomplete cleanup of the GuC list and retained damaged queue entries.


How to mitigate CVE-2026-23350

Install security update from vendor's repository.

Sources