CVE-2026-23305
Out-of-Bounds Access in Linux Rocket DRM Due to Improper Unwinding
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's rocket driver, specifically in the error handling path of the rocket_probe function.
When rocket_core_init() fails, for example with EPROBE_DEFER, the probe code does not properly unwind the changes it has already made. It does not decrement the counter it previously incremented, and, if this is the first core that failed to probe, it does not remove the rocket DRM device using rocket_device_fini().
This improper unwinding leads to out-of-bounds memory accesses, which can cause instability or crashes.
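The following userspace model is an added example, not the rocket driver's code or the upstream fix. It shows how a probe error path that skips unwinding lets a counter drift past its array when a deferred probe is retried. All `model_*` and `MODEL_*` names are hypothetical, and it assumes the counter is used as the index into a fixed-size per-core array. The `unwind` flag selects the corrected error path.

```c
#include <stdbool.h>

#define MODEL_MAX_CORES    3    /* constructed size of the per-core array */
#define MODEL_EPROBE_DEFER 517  /* value of EPROBE_DEFER in the kernel */
#define MODEL_OOB          1    /* model-only code: index would be out of bounds */

struct model_dev {
    bool live;                   /* shared device is set up */
    int  num_cores;              /* counter incremented by each probe */
    int  cores[MODEL_MAX_CORES]; /* slots indexed by that counter (assumption) */
};

/* Stand-in for rocket_core_init(): defers while a dependency is missing. */
static int model_core_init(bool ready) { return ready ? 0 : -MODEL_EPROBE_DEFER; }

/* One probe attempt; `unwind` selects the corrected error path. */
static int model_probe(struct model_dev *d, bool ready, bool unwind)
{
    int core = d->num_cores, ret;
    if (core == 0)
        d->live = true;              /* first core brings up the device */
    if (core >= MODEL_MAX_CORES)
        return -MODEL_OOB;           /* unchecked code would index past cores[] */
    d->cores[core] = 1;
    d->num_cores++;
    ret = model_core_init(ready);
    if (ret && unwind) {
        d->cores[core] = 0;
        d->num_cores--;              /* undo the increment */
        if (d->num_cores == 0)
            d->live = false;         /* stand-in for rocket_device_fini() */
    }
    return ret;
}

/* Retry a deferring probe `tries` times; count attempts whose index is OOB. */
int model_oob_attempts(int tries, bool unwind, bool *still_live)
{
    struct model_dev d = {0};
    int oob = 0;
    for (int i = 0; i < tries; i++)
        oob += (model_probe(&d, false, unwind) == -MODEL_OOB);
    *still_live = d.live;
    return oob;
}

/* Exit status 0: the corrected path never reaches an out-of-bounds index. */
int main(void) { bool live; return model_oob_attempts(5, true, &live); }
```

Without unwinding, the fourth and fifth deferred attempts in this model land on an index past the array and the shared device stays set up. With unwinding, the counter returns to zero after every failure.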
How can this vulnerability impact me?
The vulnerability can cause out-of-bounds memory accesses in the Linux kernel when the rocket driver fails to initialize properly.
Such out-of-bounds accesses may lead to system instability, crashes, or potentially allow an attacker to exploit the kernel for further malicious actions.