CVE-2026-52904 is a vulnerability in Linux Kernel
Published on June 9, 2026
drm/nouveau: fix nvkm_device leak on aperture removal failure
In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix nvkm_device leak on aperture removal failure
When aperture_remove_conflicting_pci_devices() fails during probe, the
error path returns directly without unwinding the nvkm_device that was
just allocated by nvkm_device_pci_new(). This leaks both the device
wrapper and the pci_enable_device() reference taken inside it.
Jump to the existing fail_nvkm label so nvkm_device_del() runs and
balances both. The leak was introduced when the intermediate
nvkm_device_del() between detection and aperture removal was dropped
in favor of creating the pci device once.
Products Associated with CVE-2026-52904
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version c0bfe34330b5fafdbbc63a7124841711651b96b9 and below 5edd564ccb002ffc830e7818c1c4a992db774678 is affected.
- Version c0bfe34330b5fafdbbc63a7124841711651b96b9 and below 4404d7d2dda4f3cc84a8fb6ac5417a2afc3b22d6 is affected.
- Version c0bfe34330b5fafdbbc63a7124841711651b96b9 and below 843c0247cf21364e33bb5a8ffc9af57107d04d05 is affected.
- Version c0bfe34330b5fafdbbc63a7124841711651b96b9 and below 6597ff1d8de3f583be169587efeafd8af134e138 is affected.
- Version 6.12 is affected.
- Before 6.12 is unaffected.
- Version 6.12.86, <= 6.12.* is unaffected.
- Version 6.18.27, <= 6.18.* is unaffected.
- Version 7.0.4, <= 7.0.* is unaffected.
- Version 7.1-rc1, <= * is unaffected.