CVE-2026-23091

EUVD-2026-5451
In the Linux kernel, the following vulnerability has been resolved:

intel_th: fix device leak on output open()

Make sure to drop the reference taken when looking up the th device
during output device open() on errors and on close().

Note that a recent commit fixed the leak in a couple of open() error
paths but not all of them, and the reference is still leaking on
successful open().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.4 ≤
𝑥
< 5.10.249
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.199
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.162
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.122
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.68
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.8
linuxlinux_kernel
6.19:rc1
linuxlinux_kernel
6.19:rc2
linuxlinux_kernel
6.19:rc3
linuxlinux_kernel
6.19:rc4
linuxlinux_kernel
6.19:rc5
linuxlinux_kernel
6.19:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.164-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.251-1
fixed
forky
6.19.10-1
fixed
sid
6.19.11-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.74-2
fixed
linux-6.1
bullseye (security)
6.1.164-1~deb11u1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c
https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f
https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3
https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d
https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f
https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd
https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2