CVE-2026-23350
Published: 25 March 2026
Summary
CVE-2026-23350 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 4.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the vulnerability by requiring timely patching of the Linux kernel to include the missing fini call on exec queue creation failure, preventing damaged queue entries in the GuC list.
Requires robust error handling in kernel code to ensure cleanup like the fini call occurs on exec queue creation failures, avoiding persistent invalid queue references.
Implements memory protection mechanisms that mitigate exploitation of invalid memory references triggered by the unremoved damaged queue entry.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel memory corruption bug directly enables privilege escalation via arbitrary code execution (T1068) and system crashes/DoS (T1499.004) by a low-privileged attacker.
NVD Description
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/queue: Call fini on exec queue creation fail

Every call to queue init should have a corresponding fini call. Skipping this would mean skipping removal of the queue from GuC list (which is part of guc_id allocation). A damaged queue stored in exec_queue_lookup list would lead to invalid memory reference, sooner or later. Call fini to free guc_id. This must be done before any internal LRCs are freed. Since the finalization with this extra call became very similar to __xe_exec_queue_fini(), reuse that. To make this reuse possible, alter xe_lrc_put() so it can survive NULL parameters, like other similar functions.

v2: Reuse _xe_exec_queue_fini(). Make xe_lrc_put() aware of NULLs.

(cherry picked from commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079)
Deeper analysis
CVE-2026-23350 is a vulnerability in the Linux kernel's DRM/Xe driver, specifically in the exec queue management code. When exec queue creation fails, the code previously skipped the corresponding fini call, which is responsible for removing the queue from the GuC list as part of guc_id allocation. This omission leaves a damaged queue entry in the exec_queue_lookup list, eventually leading to invalid memory references. The issue is classified under CWE-401 (Memory Leak) and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as system crashes or potential arbitrary code execution via the invalid memory references triggered by the persistent damaged queue entry.
Mitigation involves applying the relevant kernel patches from the stable repository. The fixes, cherry-picked from upstream commit 393e5fea6f7d7054abc2c3d97a4cfe8306cd6079, ensure a fini call is made on creation failure to free the guc_id before internal LRCs are freed. This reuses __xe_exec_queue_fini() and modifies xe_lrc_put() to handle NULL parameters safely, as detailed in the commits at https://git.kernel.org/stable/c/99f9b5343cae80eb0dfe050baf6c86d722b3ba2e and https://git.kernel.org/stable/c/fae65b8a4449ae556990efcde8d74bec4adc5925.
Details
- CWE(s)