FKIE_CVE-2026-23162

Vulnerability from fkie_nvd - Published: 2026-02-14 16:15 - Updated: 2026-02-18 17:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliary_device_init(), aux_dev->dev.release (xe_nvm_release_dev()) is responsible for the kfree(nvm). When there is failure with auxiliary_device_add(), driver will call auxiliary_device_uninit(), which call put_device(). So that the .release callback will be triggered to free the memory associated with the auxiliary_device. Move the kfree(nvm) into the auxiliary_device_init() failure path and remove the err goto path to fix below error. " [ 13.232905] ================================================================== [ 13.232911] BUG: KASAN: double-free in xe_nvm_init+0x751/0xf10 [xe] [ 13.233112] Free of addr ffff888120635000 by task systemd-udevd/273 [ 13.233120] CPU: 8 UID: 0 PID: 273 Comm: systemd-udevd Not tainted 6.19.0-rc2-lgci-xe-kernel+ #225 PREEMPT(voluntary) ... [ 13.233125] Call Trace: [ 13.233126] <TASK> [ 13.233127] dump_stack_lvl+0x7f/0xc0 [ 13.233132] print_report+0xce/0x610 [ 13.233136] ? kasan_complete_mode_report_info+0x5d/0x1e0 [ 13.233139] ? xe_nvm_init+0x751/0xf10 [xe] ... " v2: drop err goto path. (Alexander) (cherry picked from commit a3187c0c2bbd947ffff97f90d077ac88f9c2a215)
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/32887d8e4bc0696b3cb6c5915a42b39cfd3434f4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a44241b0b83a6047c5448da1fff03fcc29496b5
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/nvm: Fix double-free on aux add failure\n\nAfter a successful auxiliary_device_init(), aux_dev-\u003edev.release\n(xe_nvm_release_dev()) is responsible for the kfree(nvm). When\nthere is failure with auxiliary_device_add(), driver will call\nauxiliary_device_uninit(), which call put_device(). So that the\n.release callback will be triggered to free the memory associated\nwith the auxiliary_device.\n\nMove the kfree(nvm) into the auxiliary_device_init() failure path\nand remove the err goto path to fix below error.\n\n\"\n[   13.232905] ==================================================================\n[   13.232911] BUG: KASAN: double-free in xe_nvm_init+0x751/0xf10 [xe]\n[   13.233112] Free of addr ffff888120635000 by task systemd-udevd/273\n\n[   13.233120] CPU: 8 UID: 0 PID: 273 Comm: systemd-udevd Not tainted 6.19.0-rc2-lgci-xe-kernel+ #225 PREEMPT(voluntary)\n...\n[   13.233125] Call Trace:\n[   13.233126]  \u003cTASK\u003e\n[   13.233127]  dump_stack_lvl+0x7f/0xc0\n[   13.233132]  print_report+0xce/0x610\n[   13.233136]  ? kasan_complete_mode_report_info+0x5d/0x1e0\n[   13.233139]  ? xe_nvm_init+0x751/0xf10 [xe]\n...\n\"\n\nv2: drop err goto path. (Alexander)\n\n(cherry picked from commit a3187c0c2bbd947ffff97f90d077ac88f9c2a215)"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\ndrm/xe/nvm: Corrige doble liberaci\u00f3n en fallo de adici\u00f3n de aux\n\nDespu\u00e9s de una exitosa auxiliary_device_init(), aux_dev-\u0026gt;dev.release (xe_nvm_release_dev()) es responsable de la kfree(nvm). Cuando hay un fallo con auxiliary_device_add(), el controlador llamar\u00e1 a auxiliary_device_uninit(), que llama a put_device(). De modo que la devoluci\u00f3n de llamada .release se activar\u00e1 para liberar la memoria asociada con el auxiliary_device.\n\nMueve la kfree(nvm) a la ruta de fallo de auxiliary_device_init() y elimina la ruta err goto para corregir el error a continuaci\u00f3n.\n\n[   13.232905] ==================================================================\n[   13.232911] BUG: KASAN: double-free in xe_nvm_init+0x751/0xf10 [xe]\n[   13.233112] Free of addr ffff888120635000 by task systemd-udevd/273\n\n[   13.233120] CPU: 8 UID: 0 PID: 273 Comm: systemd-udevd Not tainted 6.19.0-rc2-lgci-xe-kernel+ #225 PREEMPT(voluntary)\n...\n[   13.233125] Call Trace:\n[   13.233126]  \n[   13.233127]  dump_stack_lvl+0x7f/0xc0\n[   13.233132]  print_report+0xce/0x610\n[   13.233136]  ? kasan_complete_mode_report_info+0x5d/0x1e0\n[   13.233139]  ? xe_nvm_init+0x751/0xf10 [xe]\n...\n\nv2: elimina la ruta err goto. (Alexander)\n\n(seleccionado de la confirmaci\u00f3n a3187c0c2bbd947ffff97f90d077ac88f9c2a215)"
    }
  ],
  "id": "CVE-2026-23162",
  "lastModified": "2026-02-18T17:52:44.520",
  "metrics": {},
  "published": "2026-02-14T16:15:56.383",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/32887d8e4bc0696b3cb6c5915a42b39cfd3434f4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a44241b0b83a6047c5448da1fff03fcc29496b5"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.