Main Vulnerability Database Vulnerabilities #VU124493

#VU124493 Improper Resource Shutdown or Release in Linux kernel - CVE-2026-23350

Published: March 25, 2026

Vulnerability identifier: #VU124493

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-23350

CWE-ID: CWE-404

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource shutdown or release in the drm/xe/queue component when initializing an execution queue. A local user can trigger a failure during queue creation, leading to improper finalization and resource deallocation, which results in a denial of service.

Failure to properly finalize the execution queue on initialization failure leads to invalid memory references due to incomplete cleanup of the GuC list and retained damaged queue entries.

Remediation

Install security update from vendor's repository.

#VU124493 Improper Resource Shutdown or Release in Linux kernel - CVE-2026-23350

Description

Remediation

External links

Please verify you're human