PatchSiren

CVE-2026-23466 Linux CVE debrief

CVE-2026-23466 affects the Linux kernel's drm/xe path for GGTT MMIO access protection. The issue is that hotplug-based protection can be insufficient when driver load fails, and teardown can race with asynchronously freed buffer objects, leaving MMIO access enabled longer than intended. The supplied kernel fix introduces an explicit flag, protected by the GGTT lock, and clears it during dev_fini_ggtt so MMIO access is disabled as teardown begins.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-03
Original CVE updated: 2026-05-20
Advisory published: 2026-04-03
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and operators running systems with the xe DRM driver should prioritize this issue, especially where local users can interact with the kernel and where updates lag behind the fixed releases.

Technical summary

The vulnerability is a teardown-time access control problem in drm/xe GGTT MMIO handling. According to the supplied description, drm_dev_enter() hotplug protection works after a successful load and later unbind or unload, but it does not cover the driver-load-failure path because drm_dev_unplug() is never called. The fix open-codes a GGTT MMIO access gate, guards it with the GGTT lock, and clears that gate in the devm release path (dev_fini_ggtt) so MMIO access stops once teardown starts. NVD lists affected Linux kernel ranges as 6.12 before 6.12.78, 6.13 before 6.18.20, 6.19 before 6.19.10, and 7.0-rc1 through 7.0-rc4.

Defensive priority

High. The supplied CVSS vector is AV:L/PR:L/UI:N/S:U/C:H/I:H/A:H, so the issue is locally reachable and can have major confidentiality, integrity, and availability impact on affected kernels.

Recommended defensive actions

  • Upgrade to a kernel release that includes the fix or is outside the affected version ranges listed by NVD.
  • Apply the official stable kernel patches referenced in the corpus from kernel.org.
  • Prioritize remediation on systems using the xe DRM driver or any fleet where local users can reach the affected kernel path.
  • Verify package inventories against the affected ranges: 6.12 before 6.12.78, 6.13 before 6.18.20, and 6.19 before 6.19.10, plus 7.0-rc1 through 7.0-rc4.
  • If patching must be delayed, reduce local user exposure to trusted accounts only as a temporary compensating control.
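
The inventory check described above can be scripted. The following is an added example, not code from the advisory or the kernel project: it compares `uname -r` style strings against the ranges listed on this page and notes whether the xe module is loaded. The host names, inventory rows and function names are constructed for illustration.

```python
import re

RELEASE = 10**6  # rc field for a final release, so 7.0-rc4 sorts before 7.0

# Affected ranges exactly as this page lists them: (first affected, first unaffected).
# "7.0-rc1 through 7.0-rc4" is inclusive, so the upper bound is rc5.
AFFECTED = [
    ((6, 12, 0, RELEASE), (6, 12, 78, RELEASE)),
    ((6, 13, 0, RELEASE), (6, 18, 20, RELEASE)),
    ((6, 19, 0, RELEASE), (6, 19, 10, RELEASE)),
    ((7, 0, 0, 1), (7, 0, 0, 5)),
]

_KVER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")

def parse_kernel(release):
    """Turn a `uname -r` style string into a sortable (major, minor, patch, rc) tuple."""
    m = _KVER.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else RELEASE)

def in_affected_range(release):
    """True if the parsed version falls inside any range listed on this page."""
    v = parse_kernel(release)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def triage(inventory):
    """Map host -> verdict for rows of (host, kernel release, loaded module names)."""
    verdicts = {}
    for host, release, modules in inventory:
        if not in_affected_range(release):
            verdicts[host] = "outside listed ranges"
        elif "xe" in modules:
            verdicts[host] = "in range, xe loaded"
        else:
            verdicts[host] = "in range, xe not loaded"
    return verdicts

# Constructed inventory rows (hypothetical hosts, not real data).
SAMPLE = [
    ("ws-01", "6.12.77", {"xe", "drm"}),
    ("ws-02", "6.12.78", {"xe", "drm"}),
    ("srv-03", "6.18.19-200.fc43.x86_64", {"i915", "drm"}),
    ("lab-04", "7.0.0-rc3+", {"xe"}),
    ("lab-05", "6.11.9", {"xe"}),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Distribution kernels often carry backported fixes or hide the upstream patch level in their release string, so treat an "in range" result as a triage signal to confirm against the vendor's own advisory.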

Evidence notes

This debrief is based only on the supplied NVD record and the linked kernel.org patch references. The record says the flaw was published on 2026-04-03 and last modified on 2026-05-20. The CVSS vector is AV:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and the supplied NVD data identifies the affected Linux kernel version ranges and the official patch links.

Official resources

CVE published 2026-04-03T16:16:34.017Z and modified 2026-05-20T15:15:36.770Z. No KEV entry is listed in the supplied corpus.