In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Fix bo leak in xedmabufinitobj() on allocation failure
When drmgpuvmresvobjectalloc() fails, the pre-allocated storage bo is not freed. Add xebofree(storage) before returning the error.
xedmabufinitobj() calls xeboinitlocked(), which frees the bo on error. Therefore, xedmabufinitobj() must also free the bo on its own error paths. Otherwise, since xegemprimeimport() cannot distinguish whether the failure originated from xedmabufinitobj() or from xeboinit_locked(), it cannot safely decide whether the bo should be freed.
Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drmgemobject; on failure, storage is freed before returning.
v2: Add comments to explain the free logic.
(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46224.json",
"cna_assigner": "Linux"
}