
CVE-2026-23162

Published: February 14, 2026 · Updated: Feb 18, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 4.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

drm/xe/nvm: Fix double-free on aux add failure

After a successful auxiliary_device_init(), aux_dev->dev.release (xe_nvm_release_dev()) is responsible for the kfree(nvm). When there is a failure with auxiliary_device_add(), the driver will call auxiliary_device_uninit(), which calls put_device(), so that the .release callback will be triggered to free the memory associated with the auxiliary_device.

Move the kfree(nvm) into the auxiliary_device_init() failure path and remove the err goto path to fix the below error.

"
[ 13.232905] ==================================================================
[ 13.232911] BUG: KASAN: double-free in xe_nvm_init+0x751/0xf10 [xe]
[ 13.233112] Free of addr ffff888120635000 by task systemd-udevd/273
[ 13.233120] CPU: 8 UID: 0 PID: 273 Comm: systemd-udevd Not tainted 6.19.0-rc2-lgci-xe-kernel+ #225 PREEMPT(voluntary)
...
[ 13.233125] Call Trace:
[ 13.233126] <TASK>
[ 13.233127] dump_stack_lvl+0x7f/0xc0
[ 13.233132] print_report+0xce/0x610
[ 13.233136] ? kasan_complete_mode_report_info+0x5d/0x1e0
[ 13.233139] ? xe_nvm_init+0x751/0xf10 [xe]
...
"

v2: drop err goto path. (Alexander)

(cherry picked from commit a3187c0c2bbd947ffff97f90d077ac88f9c2a215)

NVD Source
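
Added example (not the xe driver's code and not part of the NVD description): a userspace C model of the ownership rule the description explains, with the pre-fix and post-fix error handling side by side. All model_* and nvm_init_* names are hypothetical stand-ins for the kernel functions named above, and frees are counted rather than performed so the pre-fix path can be run safely.

```c
/* Userspace model of the bug class; every name here is a hypothetical stand-in. */
#include <stdio.h>

struct model_dev { int refs; void (*release)(struct model_dev *); };
struct model_nvm { struct model_dev dev; };  /* dev is the first member */
static int free_count;                       /* times the nvm object was "freed" */

/* Stands in for kfree(nvm): counts instead of freeing. */
static void model_free(struct model_nvm *nvm) { (void)nvm; free_count++; }
/* Stands in for xe_nvm_release_dev(), the dev.release callback. */
static void model_release(struct model_dev *d) { model_free((struct model_nvm *)d); }
/* Stands in for auxiliary_device_init(): on success, release owns the object. */
static int model_init(struct model_dev *d, int fail)
{
    if (fail) return -1;
    d->refs = 1; d->release = model_release;
    return 0;
}
/* Stands in for auxiliary_device_add(); 'fail' forces the error path. */
static int model_add(struct model_dev *d, int fail) { (void)d; return fail ? -1 : 0; }
/* Stands in for auxiliary_device_uninit(): put_device() drops the last reference. */
static void model_uninit(struct model_dev *d) { if (--d->refs == 0) d->release(d); }

/* Pre-fix shape implied by the description: a shared err path frees again. */
static int nvm_init_buggy(int fail_init, int fail_add)
{
    struct model_nvm nvm = { { 0, 0 } };
    free_count = 0;
    if (model_init(&nvm.dev, fail_init)) goto err;
    if (model_add(&nvm.dev, fail_add)) { model_uninit(&nvm.dev); goto err; }
    return free_count;
err:
    model_free(&nvm);            /* second free when add failed after init */
    return free_count;
}

/* Post-fix shape: explicit free only where init itself failed. */
static int nvm_init_fixed(int fail_init, int fail_add)
{
    struct model_nvm nvm = { { 0, 0 } };
    free_count = 0;
    if (model_init(&nvm.dev, fail_init)) { model_free(&nvm); return free_count; }
    if (model_add(&nvm.dev, fail_add)) model_uninit(&nvm.dev);
    return free_count;           /* number of frees on this path */
}

int main(void) { printf("buggy=%d fixed=%d\n", nvm_init_buggy(0, 1), nvm_init_fixed(0, 1)); return 0; }
```

Each function returns how many times the object was freed on the chosen path; any value above 1 corresponds to the double-free that KASAN reports in the log above.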

Technical Analysis

CVE-2026-23162 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-23162
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Feb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23162 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.