CVE-2026-23360

When nvmeallocadmintagset() is called during a controller reset, a previous admin queue may still exist. Release it properly before allocating a new one to avoid orphaning the old queue.

This fixes a regression introduced by commit 03b3bcd319b3 ("nvme: fix admin request_queue lifetime").

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23360.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e8061d02b49c5c901980f58d91e96580e9a14acf

Fixed

64f87b96de0e645a4c066c7cffd753f334446db6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

03b3bcd319b3ab5182bc9aaa0421351572c78ac0

Fixed

e159eb852aeee95443a9458ecb7d072bbb689913

Fixed

8eb2b3cdcd9b6631b94b82c1f4f6bc32b40d942f

Fixed

b84bb7bd913d8ca2f976ee6faf4a174f91c02b8d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ff037b5f47eeccc1636c03f84cd47db094eb73c9

Last affected

a505f0ba36ab24176c300d7ff56aff85c2977e6c

Last affected

e7dac681790556c131854b97551337aa8042215b

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23360.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.12.77

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.17

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.19.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23360.json"