CVE-2026-23471
Use-After-Free Vulnerability in Linux DRM Framebuffers Causing Kernel OOPS
Publication date: 2026-04-03
Last updated on: 2026-04-13
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intel | xe | * |
| intel | drm | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information about CVE-2026-23471 does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically related to framebuffers and property blobs when calling drm_dev_unplug.
It occurs when aggressive testing of the 'xe_module_load --r reload' command is performed with a full desktop environment and game running, causing the system to dereference pointers that have already been freed.
This leads to kernel warnings and errors (OOPSes) due to accessing invalid memory, which can cause system instability or crashes.
The issue was fixed by adding guards around the freeing process in drm_file using drm_dev_enter/exit and immediately clearing references from drm_file objects during drm_dev_unplug.
How can this vulnerability impact me? :
This vulnerability can cause system instability or crashes due to the kernel dereferencing freed memory pointers related to graphics framebuffers.
If exploited or triggered, it may lead to denial of service by causing the graphical environment or the entire system to crash unexpectedly.
Such crashes could disrupt normal operations, especially in environments relying on stable graphical output or GPU functionality.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as use-after-free errors related to framebuffers and property blobs in the Linux kernel's DRM subsystem. Detection involves monitoring kernel logs for specific warning messages and OOPS traces.
- Check kernel logs for warnings such as WARN_ON(!list_empty(&dev->mode_config.fb_list)) and drm_WARN_ON(!list_empty(&fb->filp_head))
- Look for OOPS messages indicating general protection faults related to drm_framebuffer_cleanup or drm_framebuffer_free.
- Use the command: dmesg | grep -i drm to filter DRM-related kernel messages.
- Use journalctl -k | grep -i drm for systems using systemd to review kernel logs for DRM warnings.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by changes in the Linux kernel that properly guard freeing operations in the DRM subsystem. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.
- Update your Linux kernel to the latest stable release that contains the fix for drm_dev_unplug use-after-free issues.
- Avoid running aggressive module reload tests (such as igt's xe_module_load --r reload) in production environments until patched.
- Monitor system logs for related warnings and OOPS messages to detect if the vulnerability is being triggered.