CVE-2026-23426
Received Received - Intake
Device Node Reference Leak in Linux drm/logicvc Component

Publication date: 2026-04-03

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_child_by_name() to find the "layers" node but fails to release the reference, leading to a device node reference leak. Fix this by using the __free(device_node) cleanup attribute to automatic release the reference when the variable goes out of scope.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-23
Generated
2026-05-27
AI Q&A
2026-04-04
EPSS Evaluated
2026-05-26
NVD
CVE-2026-23426
EUVD
EUVD-2026-18650
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.0
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 6.0.1 (inc) to 6.1.167 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by updating the Linux kernel to a version where the logicvc_drm_config_parse() function properly releases the device node reference by using the __free(device_node) cleanup attribute.

Therefore, the immediate mitigation step is to apply the patch or update your Linux kernel to the fixed version published on or after 2026-04-03.


Can you explain this vulnerability to me?

This vulnerability is a device node reference leak in the Linux kernel's drm/logicvc component. Specifically, the function logicvc_drm_config_parse() calls of_get_child_by_name() to find a "layers" node but fails to release the reference properly. This leads to a leak of the device node reference.

The issue was fixed by using the __free(device_node) cleanup attribute, which automatically releases the reference when the variable goes out of scope.


How can this vulnerability impact me? :

This vulnerability causes a device node reference leak in the Linux kernel's drm/logicvc component due to the logicvc_drm_config_parse() function failing to release a reference properly.

Such a reference leak can lead to resource exhaustion over time, potentially degrading system performance or stability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart