CVE-2026-46224
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability related to memory leak in the xe_dma_buf_init_obj() function has been fixed in the Linux kernel in case of allocation failure. On error, the previously allocated memory is not freed, which can lead to memory leaks.
Risk Assessment
The organization may experience performance issues and increased memory usage, potentially leading to application or operating system crashes.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent potential memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo is not freed. Add xe_bo_free(storage) before returning the error. xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own error paths. Otherwise, since xe_gem_prime_import() cannot distinguish whether the failure originated from xe_dma_buf_init_obj() or from xe_bo_init_locked(), it cannot safely decide whether the bo should be freed. Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drm_gem_object; on failure, storage is freed before returning. v2: Add comments to explain the free logic. (cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)

