{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23426", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.015Z", "datePublished": "2026-04-03T13:24:34.276Z", "dateUpdated": "2026-04-03T13:24:34.276Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T13:24:34.276Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()\n\nThe logicvc_drm_config_parse() function calls of_get_child_by_name() to\nfind the \"layers\" node but fails to release the reference, leading to a\ndevice node reference leak.\n\nFix this by using the __free(device_node) cleanup attribute to automatic\nrelease the reference when the variable goes out of scope."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/logicvc/logicvc_drm.c"], "versions": [{"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "b88f49910be147b7974098b9172b0d3873142d6a", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "0bd326dffd9e103335d77d9c31275c0d5a7979eb", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "871630255ecd2d9b64ad1d75a7dfc0567d7d9989", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "f8a6eba20edb938166b26e133cc61306e1bc6de9", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "78e91e49d28e05ccaa6b445bafb5e367d57c9583", "status": "affected", "versionType": "git"}, {"version": "efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5", "lessThan": "fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/gpu/drm/logicvc/logicvc_drm.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a"}, {"url": "https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb"}, {"url": "https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989"}, {"url": "https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9"}, {"url": "https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583"}, {"url": "https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207"}], "title": "drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()\n\nThe logicvc_drm_config_parse() function calls of_get_child_by_name() to\nfind the \"layers\" node but fails to release the reference, leading to a\ndevice node reference leak.\n\nFix this by using the __free(device_node) cleanup attribute to automatic\nrelease the reference when the variable goes out of scope."}], "id": "CVE-2026-23426", "lastModified": "2026-04-03T16:10:23.730", "metrics": {}, "published": "2026-04-03T14:16:28.890", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0bd326dffd9e103335d77d9c31275c0d5a7979eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/78e91e49d28e05ccaa6b445bafb5e367d57c9583"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/871630255ecd2d9b64ad1d75a7dfc0567d7d9989"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b88f49910be147b7974098b9172b0d3873142d6a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f8a6eba20edb938166b26e133cc61306e1bc6de9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,b88f49910be147b7974098b9172b0d3873142d6a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,0bd326dffd9e103335d77d9c31275c0d5a7979eb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,871630255ecd2d9b64ad1d75a7dfc0567d7d9989)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,f8a6eba20edb938166b26e133cc61306e1bc6de9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,78e91e49d28e05ccaa6b445bafb5e367d57c9583)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[efeeaefe9be56e8ae5e5b4e9ff6d2275ec977ec5,fef0e649f8b42bdffe4a916dd46e1b1e9ad2f207)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T18:05:30.534212+00:00", "value": {"mitigation_remediation": ["Apply a recent kernel update that contains the logicvc_drm_config_parse device node reference leak fix.", "If an immediate update is not feasible, disable the logicvc DRM driver until a patch is available.", "Monitor system logs for indications of device node reference leaks or abnormal driver activity.", "Verify that no unpatched logicvc sources are present in custom kernel builds."], "summary": {"action": "Apply Patch", "impact": "Device Node Reference Leak"}, "threat_synthesis": {"affected_systems": "The vulnerability affects any Linux kernel that contains the unpatched logicvc DRM component. Because the driver is part of the core kernel, the flaw is independent of distribution and applies to all releases that still include the legacy logicvc implementation. No specific affected version range is listed, so all kernels prior to the inclusion of the fix are potentially impacted.", "description_and_impact": "The Linux kernel\u2019s DRM logicvc driver has a flaw where the function logicvc_drm_config_parse obtains a reference to a device node but never releases it, which can cause the node\u2019s reference count to grow without bound. Based on the description, it is inferred that this leak could lead to resource exhaustion or kernel instability if it accumulates over time. The weakness is improper resource cleanup, corresponding to CWE\u2011772.", "risk_and_exploitability": "The CVSS score, EPSS score, and KEV status are not provided, indicating a lack of published severity metrics or known widespread exploitation. Based on the description, it is inferred that an attacker would need to load or reconfigure the logicvc driver to invoke logicvc_drm_config_parse and trigger the reference leak repeatedly. The risk stems from possible uncontrolled resource consumption, but the practical exploitability remains uncertain without further evidence."}}}}, "created": "2026-04-03T21:14:12.836698+00:00", "updated": "2026-04-03T21:16:28.534866+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}