CVE-2026-23091 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c
https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3
https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd
https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2

History

Wed, 04 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open().
Title		intel_th: fix device leak on output open()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3 https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-04T16:08:14.295Z

Updated: 2026-02-04T16:08:14.295Z

Reserved: 2026-01-13T15:37:45.962Z

Link: CVE-2026-23091

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-04T17:16:19.980

Modified: 2026-02-04T17:16:19.980

Link: CVE-2026-23091

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23091", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.962Z", "datePublished": "2026-02-04T16:08:14.295Z", "dateUpdated": "2026-02-04T16:08:14.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-04T16:08:14.295Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: fix device leak on output open()\n\nMake sure to drop the reference taken when looking up the th device\nduring output device open() on errors and on close().\n\nNote that a recent commit fixed the leak in a couple of open() error\npaths but not all of them, and the reference is still leaking on\nsuccessful open()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwtracing/intel_th/core.c"], "versions": [{"version": "39f4034693b7c7bd1fe4cb58c93259d600f55561", "lessThan": "bf7785434b5d05d940d936b78925080950bd54dd", "status": "affected", "versionType": "git"}, {"version": "39f4034693b7c7bd1fe4cb58c93259d600f55561", "lessThan": "0fca16c5591534cc1fec8b6181277ee3a3d0f26c", "status": "affected", "versionType": "git"}, {"version": "39f4034693b7c7bd1fe4cb58c93259d600f55561", "lessThan": "f9b059bda4276f2bb72cb98ec7875a747f042ea2", "status": "affected", "versionType": "git"}, {"version": "39f4034693b7c7bd1fe4cb58c93259d600f55561", "lessThan": "95fc36a234da24bbc5f476f8104a5a15f99ed3e3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwtracing/intel_th/core.c"], "versions": [{"version": "4.4", "status": "affected"}, {"version": "0", "lessThan": "4.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc7", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4", "versionEndExcluding": "6.19-rc7"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd"}, {"url": "https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c"}, {"url": "https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2"}, {"url": "https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3"}], "title": "intel_th: fix device leak on output open()", "x_generator": {"engine": "bippy-1.2.0"}}}}