CVE-2026-23350

EUVD-2026-15321
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/queue: Call fini on exec queue creation fail

Every call to queue init should have a corresponding fini call.
Skipping this would mean skipping removal of the queue from GuC list
(which is part of guc_id allocation). A damaged queue stored in
exec_queue_lookup list would lead to invalid memory reference,
sooner or later.

Call fini to free guc_id. This must be done before any internal
LRCs are freed.

Since the finalization with this extra call became very similar to
__xe_exec_queue_fini(), reuse that. To make this reuse possible,
alter xe_lrc_put() so it can survive NULL parameters, like other
similar functions.

v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.

(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.19.1 ≤
𝑥
< 6.19.7
linuxlinux_kernel
6.19
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.170-3
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-4
fixed
forky
7.0.4-1
fixed
sid
7.0.4-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.86-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/99f9b5343cae80eb0dfe050baf6c86d722b3ba2e
https://git.kernel.org/stable/c/fae65b8a4449ae556990efcde8d74bec4adc5925