Linux Kernel: NVMe Admin Queue Leak on Controller Reset (CVE-2026-23360)
CVE-2026-23360 Published on March 25, 2026
nvme: fix admin queue leak on controller reset
In the Linux kernel, the following vulnerability has been resolved:
nvme: fix admin queue leak on controller reset
When nvme_alloc_admin_tag_set() is called during a controller reset,
a previous admin queue may still exist. Release it properly before
allocating a new one to avoid orphaning the old queue.
This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix
admin request_queue lifetime").
Products Associated with CVE-2026-23360
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version e8061d02b49c5c901980f58d91e96580e9a14acf and below 64f87b96de0e645a4c066c7cffd753f334446db6 is affected.
- Version 03b3bcd319b3ab5182bc9aaa0421351572c78ac0 and below e159eb852aeee95443a9458ecb7d072bbb689913 is affected.
- Version 03b3bcd319b3ab5182bc9aaa0421351572c78ac0 and below 8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f is affected.
- Version 03b3bcd319b3ab5182bc9aaa0421351572c78ac0 and below b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d is affected.
- Version ff037b5f47eeccc1636c03f84cd47db094eb73c9 is affected.
- Version a505f0ba36ab24176c300d7ff56aff85c2977e6c is affected.
- Version e7dac681790556c131854b97551337aa8042215b is affected.
- Version 6.18 is affected.
- Before 6.18 is unaffected.
- Version 6.12.77, <= 6.12.* is unaffected.
- Version 6.18.17, <= 6.18.* is unaffected.
- Version 6.19.7, <= 6.19.* is unaffected.
- Version 7.0-rc3, <= * is unaffected.