CVE-2026-43396

MEDIUM

drm/xe/sync: Fix user fence leak on alloc failure

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference to prevent a memory leak. (cherry picked from commit a5d5634cde48a9fcd68c8504aa07f89f175074a0)

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/05edc78eb4699e8e000a62aaa8dace50a17e19e3

https://git.kernel.org/stable/c/f8f90b33934b307f6e4599b9fae38aa1ee5441a7

https://git.kernel.org/stable/c/0879c3f04f67e2a1677c25dcc24669ce21eb6a6c

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (11)

Linux/Linux < 6.18

Linux/Linux 0995c2fc39b0f998d40f5d276f67ae22fc1c37c3 - 05edc78eb4699e8e000a62aaa8dace50a17e19e3

Linux/Linux 0995c2fc39b0f998d40f5d276f67ae22fc1c37c3 - 0879c3f04f67e2a1677c25dcc24669ce21eb6a6c

Linux/Linux 0995c2fc39b0f998d40f5d276f67ae22fc1c37c3 - f8f90b33934b307f6e4599b9fae38aa1ee5441a7

Linux/Linux 6.18

Linux/Linux 6.18.20 - 6.18.*

Linux/Linux 6.19.9 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.18 (4 CPE variants)

linux/linux_kernel 7.0 rc1

... and 1 more

Published May 08, 2026

Tracked Since May 08, 2026