CVE-2026-23091

In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open().

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c	Patch
https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f	Patch
https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3	Patch
https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d	Patch
https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f	Patch
https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd	Patch
https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::

History

17 Mar 2026, 21:09

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: intel_th: corrige la fuga de dispositivo al abrir la salida Asegúrese de liberar la referencia tomada al buscar el dispositivo th durante la apertura del dispositivo de salida en caso de errores y al cerrar. Tenga en cuenta que una confirmación reciente corrigió la fuga en un par de rutas de error de open(), pero no en todas ellas, y la referencia sigue fugándose en una apertura exitosa.
References	~~() https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c -~~	() https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c - Patch
References	~~() https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f -~~	() https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f - Patch
References	~~() https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3 -~~	() https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3 - Patch
References	~~() https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d -~~	() https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d - Patch
References	~~() https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f -~~	() https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f - Patch
References	~~() https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd -~~	() https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd - Patch
References	~~() https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2 -~~	() https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2 - Patch
First Time		Linux Linux linux Kernel
CWE		CWE-401
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

06 Feb 2026, 17:16

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f - () https://git.kernel.org/stable/c/af4b9467296b9a16ebc008147238070236982b6d - () https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f -

04 Feb 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-04 17:16

Updated : 2026-03-17 21:09

NVD link : CVE-2026-23091

Mitre link : CVE-2026-23091

CVE.ORG link : CVE-2026-23091

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.5 /10