| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021421-CVE-2026-23170-7a51@gregkh> Date: Sat, 14 Feb 2026 17:04:36 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-23170: drm/imx/tve: fix probe device leak From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/imx/tve: fix probe device leak Make sure to drop the reference taken to the DDC device during probe on probe failure (e.g. probe deferral) and on driver unbind. The Linux kernel CVE team has assigned CVE-2026-23170 to this issue. Affected and fixed versions =========================== Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 5.10.249 with commit f212652982c6725986cfa42fbf10d1dfa92c010e Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 5.15.199 with commit 52755c5680ce333b33d0750a200fbc99420ed2b2 Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 6.1.162 with commit 4aaff8f6ab38f81e00ab8aa1fcfb7eb20cd87ba1 Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 6.6.123 with commit 9a15d3fdc22d48f597792aee0cf1bf0947fc62e6 Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 6.12.69 with commit 77365382585b40559d63538d09e26e4b2af28fbc Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 6.18.9 with commit ca68745e820ecd210e3ab018497c9e6b69025c4b Issue introduced in 3.10 with commit fcbc51e54d2aa9d402206601f4894251049e5d77 and fixed in 6.19 with commit e535c23513c63f02f67e3e09e0787907029efeaf Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-23170 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/imx/ipuv3/imx-tve.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f212652982c6725986cfa42fbf10d1dfa92c010e https://git.kernel.org/stable/c/52755c5680ce333b33d0750a200fbc99420ed2b2 https://git.kernel.org/stable/c/4aaff8f6ab38f81e00ab8aa1fcfb7eb20cd87ba1 https://git.kernel.org/stable/c/9a15d3fdc22d48f597792aee0cf1bf0947fc62e6 https://git.kernel.org/stable/c/77365382585b40559d63538d09e26e4b2af28fbc https://git.kernel.org/stable/c/ca68745e820ecd210e3ab018497c9e6b69025c4b https://git.kernel.org/stable/c/e535c23513c63f02f67e3e09e0787907029efeaf
Powered by blists - more mailing lists