CVE-2026-23305
- Source
- https://cve.org/CVERecord?id=CVE-2026-23305
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23305.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23305
- Downstream
- Published
- 2026-03-25T10:27:00.612Z
- Modified
- 2026-04-02T13:12:20.337966Z
- Summary
- accel/rocket: fix unwinding in error path in rocket_probe
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
accel/rocket: fix unwinding in error path in rocket_probe
When rocketcoreinit() fails (as could be the case with EPROBEDEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the first core we failed to probe, remove the rocket DRM device with rocketdevicefini() as well. This matches the logic in rocketremove(). Failing to properly unwind results in out-of-bounds accesses.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23305.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9
- https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74
- https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23305.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23305