CVE-2026-46224

Source
https://cve.org/CVERecord?id=CVE-2026-46224
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46224.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46224
Downstream
Related
Published
2026-05-28T09:40:42.819Z
Modified
2026-07-08T08:02:18.050771224Z
Summary
drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix bo leak in xedmabufinitobj() on allocation failure

When drmgpuvmresvobjectalloc() fails, the pre-allocated storage bo is not freed. Add xebofree(storage) before returning the error.

xedmabufinitobj() calls xeboinitlocked(), which frees the bo on error. Therefore, xedmabufinitobj() must also free the bo on its own error paths. Otherwise, since xegemprimeimport() cannot distinguish whether the failure originated from xedmabufinitobj() or from xeboinit_locked(), it cannot safely decide whether the bo should be freed.

Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drmgemobject; on failure, storage is freed before returning.

v2: Add comments to explain the free logic.

(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46224.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
eb289a5f6cc668853f9b2ea6aca04afe58ed11c7
Fixed
f9ad21b90162baf1d78f8036ff3813c3ec1ac88e
Fixed
8fa8c2a22585fcb31dc605b91a67bbcca223fdd7
Fixed
93a528f67ce5095bcab46a69839eca97f43dd352

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46224.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.32
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46224.json"