CVE-2026-23305 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe When rocket_core_init() fails (as could be the case with EPROBE_DEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the first core we failed to probe, remove the rocket DRM device with rocket_device_fini() as well. This matches the logic in rocket_remove(). Failing to properly unwind results in out-of-bounds accesses.

PUBLISHED Reserved 2026-01-13 | Published 2026-03-25 | Updated 2026-05-11 | Assigner Linux

Product status

Default status

unaffected

0810d5ad88a18f1e6d549853a388ad0316f74e36 (git) before 7fc4b49474c836cee7d9801abf05e0198fcbfa74

affected

0810d5ad88a18f1e6d549853a388ad0316f74e36 (git) before eeaf28c8f4defe371a008a5ddefaf18abf534f81

affected

0810d5ad88a18f1e6d549853a388ad0316f74e36 (git) before 34f4495a7f72895776b81969639f527c99eb12b9

affected

Default status

affected

6.18

affected

Any version before 6.18

unaffected

6.18.17 (semver)

unaffected

6.19.7 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/7fc4b49474c836cee7d9801abf05e0198fcbfa74

git.kernel.org/...c/eeaf28c8f4defe371a008a5ddefaf18abf534f81

git.kernel.org/...c/34f4495a7f72895776b81969639f527c99eb12b9

cve.org (CVE-2026-23305)

nvd.nist.gov (CVE-2026-23305)

Download JSON

help @ threatint.eu