CVE-2026-23091

EUVD-2026-5451
In the Linux kernel, the following vulnerability has been resolved:

intel_th: fix device leak on output open()

Make sure to drop the reference taken when looking up the th device
during output device open() on errors and on close().

Note that a recent commit fixed the leak in a couple of open() error
paths but not all of them, and the reference is still leaking on
successful open().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.162-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
vulnerable
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c
https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f
https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3
https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d
https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f
https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd
https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2