PT-2026-8157 · Linux · Linux Kernel

Alexander · Published 2026-01-01 · Updated 2026-02-14 · CVE-2026-23162

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.19.0-rc2-lgci-xe-kernel+ #225

Description

The Linux kernel contains a flaw in the drm/xe/nvm subsystem that can lead to a double-free condition during auxiliary device initialization failure. Specifically, a memory region is freed twice: once during successful initialization and again during uninitialization when auxiliary device addition fails. This can result in system instability and potentially lead to a kernel panic, as demonstrated by a KASAN report. The issue is triggered when auxiliary_device_init() succeeds but auxiliary_device_add() fails. The fix moves the kfree(nvm) call into the failure path of auxiliary_device_init() to prevent the double-free.

Recommendations

Update to a version of the Linux kernel newer than 6.19.0-rc2-lgci-xe-kernel+ #225.
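
The ownership rule behind the double-free in the Description, as an added userspace C model (not the kernel's or the driver's code): once auxiliary_device_init() succeeds, the device release callback owns the allocation, so auxiliary_device_uninit() already frees it. All model_* and probe_* names and the pre-fix control flow are assumptions; model_kfree() only counts calls, so the second free is observable without corrupting memory.

```c
#include <stdio.h>

/* Userspace model; every model_* / probe_* name is a hypothetical stand-in. */
struct model_nvm {
    int frees;                              /* calls to model_kfree() on this object */
    void (*release)(struct model_nvm *);    /* stand-in for the device release callback */
};

static void model_kfree(struct model_nvm *n) { n->frees++; }   /* counts, never frees */
static void model_release(struct model_nvm *n) { model_kfree(n); }

/* Stand-in for auxiliary_device_init(): on failure no reference exists yet. */
static int model_init(struct model_nvm *n, int fail) { (void)n; return fail ? -1 : 0; }
/* Stand-in for auxiliary_device_add(). */
static int model_add(struct model_nvm *n, int fail) { (void)n; return fail ? -1 : 0; }
/* Stand-in for auxiliary_device_uninit(): drops the reference, release runs. */
static void model_uninit(struct model_nvm *n) { n->release(n); }

/* Assumed pre-fix shape: one error label frees nvm for both failure kinds. */
static int probe_before(int init_fail, int add_fail)
{
    struct model_nvm n = { 0, model_release };
    if (model_init(&n, init_fail))
        goto err;
    if (model_add(&n, add_fail)) {
        model_uninit(&n);       /* release callback frees nvm here */
        goto err;
    }
    return 0;                   /* success: nvm stays owned by the device */
err:
    model_kfree(&n);            /* second free when only add failed */
    return n.frees;
}

/* Fixed shape: the explicit free lives only in the init failure path. */
static int probe_after(int init_fail, int add_fail)
{
    struct model_nvm n = { 0, model_release };
    if (model_init(&n, init_fail)) {
        model_kfree(&n);        /* no release callback will ever run */
        return n.frees;
    }
    if (model_add(&n, add_fail)) {
        model_uninit(&n);       /* release callback is the only free */
        return n.frees;
    }
    return 0;
}

int main(void)
{
    printf("add fails: before=%d frees, after=%d free\n",
           probe_before(0, 1), probe_after(0, 1));
    return 0;
}
```

Each function returns the number of frees seen on a failure path and 0 on success, so any value above 1 marks a double-free.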

Exploit

Fix

Double Free

Weakness Enumeration

Related Identifiers: CVE-2026-23162

Affected Products: Linux Kernel