CVE-2026-23026

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8	Patch
https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728	Patch
https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2	Patch
https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85	Patch
https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7	Patch
https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.11:-::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

25 Mar 2026, 16:08

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:5.11:-::::::
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: dmaengine: qcom: gpi: Corrección de fuga de memoria en gpi_peripheral_config() Corrige una fuga de memoria en gpi_peripheral_config() donde la memoria original apuntada por gchan->config podría perderse si krealloc() falla. El problema ocurre cuando: 1. gchan->config apunta a memoria previamente asignada 2. krealloc() falla y devuelve NULL 3. La función asigna directamente NULL a gchan->config, perdiendo la referencia a la memoria original 4. La memoria original se vuelve inalcanzable y no puede ser liberada Corrige esto utilizando una variable temporal para contener el resultado de krealloc() y actualizando gchan->config solo cuando la asignación tiene éxito. Encontrado mediante análisis estático y revisión de código.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-401
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8 -~~	() https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8 - Patch
References	~~() https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728 -~~	() https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728 - Patch
References	~~() https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2 -~~	() https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2 - Patch
References	~~() https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85 -~~	() https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85 - Patch
References	~~() https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7 -~~	() https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7 - Patch
References	~~() https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af -~~	() https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af - Patch

06 Feb 2026, 17:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2 - () https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7 -

31 Jan 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-31 12:16

Updated : 2026-03-25 16:08

NVD link : CVE-2026-23026

Mitre link : CVE-2026-23026

CVE.ORG link : CVE-2026-23026

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10