CVE-2026-23087

In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f	Patch
https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97	Patch
https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2	Patch
https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e	Patch
https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492fa11c32c	Patch
https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9	Patch
https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::

History

17 Mar 2026, 21:10

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-401
First Time		Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: scsi: xen: scsiback: Corrección de posible fuga de memoria en scsiback_remove() La memoria asignada para la estructura vscsiblk_info en scsiback_probe() no es liberada en scsiback_remove(), lo que lleva a posibles fugas de memoria al eliminar, así como en las rutas de error de scsiback_probe(). Esto se corrige liberándola en scsiback_remove().
References	~~() https://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f -~~	() https://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f - Patch
References	~~() https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97 -~~	() https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97 - Patch
References	~~() https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2 -~~	() https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2 - Patch
References	~~() https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e -~~	() https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e - Patch
References	~~() https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492fa11c32c -~~	() https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492fa11c32c - Patch
References	~~() https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9 -~~	() https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9 - Patch
References	~~() https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc -~~	() https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc - Patch

06 Feb 2026, 17:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2 - () https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e - () https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9 -

04 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 17:16

Updated : 2026-03-17 21:10

NVD link : CVE-2026-23087

Mitre link : CVE-2026-23087

CVE.ORG link : CVE-2026-23087

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10