CVE-2026-46224
Received Received - Intake
Memory Leak in Linux Kernel DRM/XE Driver

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo is not freed. Add xe_bo_free(storage) before returning the error. xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own error paths. Otherwise, since xe_gem_prime_import() cannot distinguish whether the failure originated from xe_dma_buf_init_obj() or from xe_bo_init_locked(), it cannot safely decide whether the bo should be freed. Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drm_gem_object; on failure, storage is freed before returning. v2: Add comments to explain the free logic. (cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-28
Generated
2026-05-28
AI Q&A
2026-05-28
EPSS Evaluated
N/A
NVD
CVE-2026-46224
EUVD
EUVD-2026-32851
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's drm/xe component. Specifically, when the function drm_gpuvm_resv_object_alloc() fails during allocation, a pre-allocated buffer object (bo) is not freed properly, causing a resource leak.

The issue arises because xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on error, but xe_dma_buf_init_obj() itself does not free the bo on its own error paths. This leads to ambiguity in xe_gem_prime_import() about whether the bo should be freed, resulting in the leak.

The fix involves adding explicit freeing of the bo (using xe_bo_free(storage)) before returning an error, and adding comments to clarify ownership semantics of the storage object.


How can this vulnerability impact me? :

This vulnerability can lead to a memory leak in the Linux kernel's graphics subsystem. Over time, repeated allocation failures without proper freeing of resources could cause increased memory usage, potentially degrading system performance or leading to resource exhaustion.

Such leaks might affect system stability, especially in environments with heavy graphics workloads or constrained memory resources.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in the Linux kernel by ensuring that the buffer object (bo) is properly freed on allocation failure in the drm/xe driver. To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix described in the commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9.

No other immediate mitigation steps or workarounds are provided.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart