CVE-2026-23471
Received Received - Intake
Use-After-Free Vulnerability in Linux DRM Framebuffers Causing Kernel OOPS

Publication date: 2026-04-03

Last updated on: 2026-04-13

Assigner: kernel.org

Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-04-13
NVD
CVE-2026-23471
EUVD
EUVD-2026-18742
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
intel xe *
intel drm *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically related to framebuffers and property blobs when calling drm_dev_unplug.

It occurs when aggressive testing of the 'xe_module_load --r reload' command is performed with a full desktop environment and game running, causing the system to dereference pointers that have already been freed.

This leads to kernel warnings and errors (OOPSes) due to accessing invalid memory, which can cause system instability or crashes.

The issue was fixed by adding guards around the freeing process in drm_file using drm_dev_enter/exit and immediately clearing references from drm_file objects during drm_dev_unplug.

Compliance Impact

The provided information about CVE-2026-23471 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can cause system instability or crashes due to the kernel dereferencing freed memory pointers related to graphics framebuffers.

If exploited or triggered, it may lead to denial of service by causing the graphical environment or the entire system to crash unexpectedly.

Such crashes could disrupt normal operations, especially in environments relying on stable graphical output or GPU functionality.

Detection Guidance

This vulnerability manifests as use-after-free errors related to framebuffers and property blobs in the Linux kernel's DRM subsystem. Detection involves monitoring kernel logs for specific warning messages and OOPS traces.

  • Check kernel logs for warnings such as WARN_ON(!list_empty(&dev->mode_config.fb_list)) and drm_WARN_ON(!list_empty(&fb->filp_head))
  • Look for OOPS messages indicating general protection faults related to drm_framebuffer_cleanup or drm_framebuffer_free.
  • Use the command: dmesg | grep -i drm to filter DRM-related kernel messages.
  • Use journalctl -k | grep -i drm for systems using systemd to review kernel logs for DRM warnings.
Mitigation Strategies

The vulnerability has been resolved by changes in the Linux kernel that properly guard freeing operations in the DRM subsystem. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

  • Update your Linux kernel to the latest stable release that contains the fix for drm_dev_unplug use-after-free issues.
  • Avoid running aggressive module reload tests (such as igt's xe_module_load --r reload) in production environments until patched.
  • Monitor system logs for related warnings and OOPS messages to detect if the vulnerability is being triggered.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23471. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart