CVE-2026-23350

Published: Mar 25, 2026

Modified: May 11, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list (which is part of guc_id allocation). A damaged queue stored in exec_queue_lookup list would lead to invalid memory reference, sooner or later. Call fini to free guc_id. This must be done before any internal LRCs are freed. Since the finalization with this extra call became very similar to __xe_exec_queue_fini(), reuse that. To make this reuse possible, alter xe_lrc_put() so it can survive NULL parameters, like other similar functions. v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs. (cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)

Vendor	Product	Versions
Linux	Linux	affected `3c1fa4aa60b146d1fa73b2b87064303f8e4b7952 - < fae65b8a4449ae556990efcde8d74bec4adc5925` affected `3c1fa4aa60b146d1fa73b2b87064303f8e4b7952 - < 99f9b5343cae80eb0dfe050baf6c86d722b3ba2e`
Linux	Linux	affected `6.19` unaffected `0 - < 6.19` unaffected `6.19.7 - <= 6.19.` unaffected `7.0 - <= `

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://git.kernel.org/stable/c/fae65b8a4449ae556990efcde8d74bec4adc5925

https://git.kernel.org/stable/c/99f9b5343cae80eb0dfe050baf6c86d722b3ba2e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-23350

Description

Affected Products

CVSS v3.1 Details

References