PT-2026-27717 · Linux · Linux Kernel

Published

2026-01-01

·

Updated

2026-05-22

·

CVE-2026-23352

CVSS v3.1

5.5

Medium

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains an issue in the freeing of EFI boot services memory. efi_free_boot_services() uses memblock_free_late() to release memory that was reserved with memblock_reserve(), and when deferred initialisation of the memory map (CONFIG_DEFERRED_STRUCT_PAGE_INIT) is in use this leads to a memory leak: the function runs before deferred initialisation of the memory map has completed, so pages whose struct page entries are still uninitialised are skipped by the freeing path instead of being returned to the page allocator. The skip happens because freeing a page requires accessing the buddy of that page, and the buddy can lie in a not-yet-initialised area of the memory map. On EC2 t3a.nano instances, which have only 512MB of RAM, a loss of approximately 140MB has been observed. The more robust approach is to defer the freeing of EFI boot services memory by splitting efi_free_boot_services() into an early efi_unmap_boot_services() and a later efi_free_boot_services() that releases the memory only once the memory map has been fully initialised.
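The following is an added, deliberately simplified model of the ordering problem described above; it is not kernel code and not part of this advisory. The function names mimic the shape of memblock_reserve(), memblock_free_late() and the per-page free under deferred struct page initialisation, but their bodies, the page count, the initialisation boundary and the EFI range are all made-up values. The model does not represent the deferred worker's own page freeing; it only shows how freeing before the memory map is complete leaves pages that are counted as RAM but never reach the allocator, and how freeing after initialisation avoids that.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one flag per page frame records whether its struct page
 * has been initialised. Only frames below `initialised_upto` are ready when
 * early EFI teardown runs; the rest are filled in later by deferred init. */
#define NR_PAGES 128UL

struct model {
    bool page_initialised[NR_PAGES]; /* struct page for this pfn set up yet? */
    bool reserved[NR_PAGES];         /* still in the reserved set? */
    bool in_free_list[NR_PAGES];     /* actually handed to the page allocator */
    unsigned long totalram_pages;    /* what MemTotal would report */
};

static void model_init(struct model *m, unsigned long initialised_upto)
{
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++) {
        m->page_initialised[pfn] = pfn < initialised_upto;
        m->reserved[pfn] = false;
        m->in_free_list[pfn] = false;
    }
    m->totalram_pages = 0;
}

/* Shape of memblock_reserve(): the range is off limits to the allocator. */
static void model_memblock_reserve(struct model *m, unsigned long start, unsigned long end)
{
    for (unsigned long pfn = start; pfn < end; pfn++)
        m->reserved[pfn] = true;
}

/* Shape of the per-page free under deferred struct page init: the free path
 * must look at the order-0 buddy (pfn ^ 1) to decide about merging, so a page
 * is only released when both its own struct page and the buddy's are
 * initialised. Otherwise it is silently skipped. */
static bool model_free_page(struct model *m, unsigned long pfn)
{
    unsigned long buddy = pfn ^ 1UL;
    if (!m->page_initialised[pfn] || !m->page_initialised[buddy])
        return false;
    m->in_free_list[pfn] = true;
    return true;
}

/* Shape of memblock_free_late(): drop the reservation and try to free every
 * page, counting each one as RAM whether or not the free actually happened. */
static void model_memblock_free_late(struct model *m, unsigned long start, unsigned long end)
{
    for (unsigned long pfn = start; pfn < end; pfn++) {
        m->reserved[pfn] = false;
        model_free_page(m, pfn);
        m->totalram_pages++;
    }
}

/* Deferred init finishing: every remaining struct page becomes usable. Nothing
 * in this model revisits pages that were skipped earlier; that is the leak. */
static void model_deferred_init_done(struct model *m)
{
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++)
        m->page_initialised[pfn] = true;
}

/* Pages that MemTotal counts but that never reached the allocator. */
static unsigned long model_leaked_pages(const struct model *m)
{
    unsigned long freed = 0;
    for (unsigned long pfn = 0; pfn < NR_PAGES; pfn++)
        freed += m->in_free_list[pfn] ? 1 : 0;
    return m->totalram_pages - freed;
}

/* Unfixed ordering: free the boot services range before deferred init ends. */
unsigned long leak_when_freed_early(void)
{
    struct model m;
    model_init(&m, 64);                  /* pfn 0..63 ready, 64..127 deferred */
    model_memblock_reserve(&m, 48, 96);  /* made-up EFI boot services range */
    model_memblock_free_late(&m, 48, 96);
    model_deferred_init_done(&m);        /* too late for pfn 64..95 */
    return model_leaked_pages(&m);
}

/* Fixed ordering: unmapping would happen early (not modelled); freeing waits. */
unsigned long leak_when_freed_after_deferred_init(void)
{
    struct model m;
    model_init(&m, 64);
    model_memblock_reserve(&m, 48, 96);
    model_deferred_init_done(&m);
    model_memblock_free_late(&m, 48, 96);
    return model_leaked_pages(&m);
}

int main(void)
{
    printf("freed early: %lu pages counted but never freed\n", leak_when_freed_early());
    printf("freed after deferred init: %lu pages counted but never freed\n",
           leak_when_freed_after_deferred_init());
    return 0;
}
```

In the early-free scenario the 32 pages above the initialisation boundary are counted as RAM and then dropped on the floor; moving the free after deferred initialisation releases all 48 pages. The same counting mismatch, at the scale of a real EFI memory map, is what produces the MemTotal shortfall the advisory reports.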
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2026-23352
ECHO-2EF2-DCD3-ACBF
OESA-2026-2418

Affected Products

Linux Kernel