Linux Kernel DRM Exec Queue Leak: Missing fini causes invalid memory ref
CVE-2026-23350 Published on March 25, 2026
drm/xe/queue: Call fini on exec queue creation fail
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/queue: Call fini on exec queue creation fail
Every call to queue init should have a corresponding fini call.
Skipping this would mean skipping removal of the queue from GuC list
(which is part of guc_id allocation). A damaged queue stored in
exec_queue_lookup list would lead to invalid memory reference,
sooner or later.
Call fini to free guc_id. This must be done before any internal
LRCs are freed.
Since the finalization with this extra call became very similar to
__xe_exec_queue_fini(), reuse that. To make this reuse possible,
alter xe_lrc_put() so it can survive NULL parameters, like other
similar functions.
v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.
(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)
Products Associated with CVE-2026-23350
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 3c1fa4aa60b146d1fa73b2b87064303f8e4b7952 and below fae65b8a4449ae556990efcde8d74bec4adc5925 is affected.
- Version 3c1fa4aa60b146d1fa73b2b87064303f8e4b7952 and below 99f9b5343cae80eb0dfe050baf6c86d722b3ba2e is affected.
- Version 6.19 is affected.
- Before 6.19 is unaffected.
- Version 6.19.7, <= 6.19.* is unaffected.
- Version 7.0-rc3, <= * is unaffected.