CVE-2026-23305

ANALYSIS PENDING

accel/rocket: fix unwinding in error path in rocket_probe

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: accel/rocket: fix unwinding in error path in rocket_probe When rocket_core_init() fails (as could be the case with EPROBE_DEFER), we need to properly unwind by decrementing the counter we just incremented and if this is the first core we failed to probe, remove the rocket DRM device with rocket_device_fini() as well. This matches the logic in rocket_remove(). Failing to properly unwind results in out-of-bounds accesses.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/7fc4b49474c836cee7d9801abf05e0198fcbfa74

https://git.kernel.org/stable/c/eeaf28c8f4defe371a008a5ddefaf18abf534f81

https://git.kernel.org/stable/c/34f4495a7f72895776b81969639f527c99eb12b9

Scores

EPSS 0.0002

EPSS Percentile 7.0%

Details

Status published

Products (11)

linux/Kernel 6.18.0 - 6.18.17linux

linux/Kernel 6.19.0 - 6.19.7linux

Linux/Linux < 6.18

Linux/Linux 0810d5ad88a18f1e6d549853a388ad0316f74e36 - 34f4495a7f72895776b81969639f527c99eb12b9

Linux/Linux 0810d5ad88a18f1e6d549853a388ad0316f74e36 - 7fc4b49474c836cee7d9801abf05e0198fcbfa74

Linux/Linux 0810d5ad88a18f1e6d549853a388ad0316f74e36 - eeaf28c8f4defe371a008a5ddefaf18abf534f81

Linux/Linux 6.18

Linux/Linux 6.18.17 - 6.18.*

Linux/Linux 6.19.7 - 6.19.*

Linux/Linux 7.0

... and 1 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026