CVE-2026-23096 (GCVE-0-2026-23096)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-02-06 16:33
VLAI?
Title
uacce: fix cdev handling in the cleanup path
Summary
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix cdev handling in the cleanup path
When cdev_device_add fails, it internally releases the cdev memory,
and if cdev_device_del is then executed, it will cause a hang error.
To fix it, we check the return value of cdev_device_add() and clear
uacce->cdev to avoid calling cdev_device_del in the uacce_remove.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
015d239ac0142ad0e26567fd890ef8d171f13709 , < c94c7188d325bc5137d447d67a2f18f7d4f2f4a3
(git)
Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < 1bc3e51367c420e6db31f41efa874c7a8e12194a (git) Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < 819d647406200d0e83e56fd2df8f451b11290559 (git) Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < d9031575a2f8aabc53af3025dd79af313a2e046b (git) Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < 98d67a1bd6caddd0a8b8c82a0b925742cf500936 (git) Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < bd2393ed7712513e7e2dbcb6e21464a67ff9e702 (git) Affected: 015d239ac0142ad0e26567fd890ef8d171f13709 , < a3bece3678f6c88db1f44c602b2a63e84b4040ac (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/uacce/uacce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c94c7188d325bc5137d447d67a2f18f7d4f2f4a3",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "1bc3e51367c420e6db31f41efa874c7a8e12194a",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "819d647406200d0e83e56fd2df8f451b11290559",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "d9031575a2f8aabc53af3025dd79af313a2e046b",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "98d67a1bd6caddd0a8b8c82a0b925742cf500936",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "bd2393ed7712513e7e2dbcb6e21464a67ff9e702",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
},
{
"lessThan": "a3bece3678f6c88db1f44c602b2a63e84b4040ac",
"status": "affected",
"version": "015d239ac0142ad0e26567fd890ef8d171f13709",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/uacce/uacce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.249",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.199",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19-rc7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.249",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.199",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19-rc7",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix cdev handling in the cleanup path\n\nWhen cdev_device_add fails, it internally releases the cdev memory,\nand if cdev_device_del is then executed, it will cause a hang error.\nTo fix it, we check the return value of cdev_device_add() and clear\nuacce-\u003ecdev to avoid calling cdev_device_del in the uacce_remove."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T16:33:17.715Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3"
},
{
"url": "https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a"
},
{
"url": "https://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559"
},
{
"url": "https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af313a2e046b"
},
{
"url": "https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936"
},
{
"url": "https://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702"
},
{
"url": "https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e84b4040ac"
}
],
"title": "uacce: fix cdev handling in the cleanup path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23096",
"datePublished": "2026-02-04T16:08:18.785Z",
"dateReserved": "2026-01-13T15:37:45.964Z",
"dateUpdated": "2026-02-06T16:33:17.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23096\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-04T17:16:20.473\",\"lastModified\":\"2026-02-06T17:16:24.940\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nuacce: fix cdev handling in the cleanup path\\n\\nWhen cdev_device_add fails, it internally releases the cdev memory,\\nand if cdev_device_del is then executed, it will cause a hang error.\\nTo fix it, we check the return value of cdev_device_add() and clear\\nuacce-\u003ecdev to avoid calling cdev_device_del in the uacce_remove.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e84b4040ac\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af313a2e046b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…