PatchSiren cyber security CVE debrief
CVE-2026-46224 Linux CVE debrief
A memory leak vulnerability exists in the Linux kernel's Intel Xe graphics driver (drm/xe). When xe_dma_buf_init_obj() fails during GPU VM reservation object allocation, a pre-allocated buffer object (bo) is not freed, leading to resource exhaustion. The fix adds proper cleanup by calling xe_bo_free(storage) on the error path and documents ownership semantics to prevent future mishandling.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-28
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-28
Who should care
Linux system administrators running kernels with Intel Xe graphics support; organizations using Intel discrete or integrated graphics in server or workstation environments; kernel maintainers and distributors packaging drm/xe driver updates
Technical summary
The vulnerability is a resource leak in the drm/xe (Intel Xe graphics) driver within the Linux kernel. Specifically, in xe_dma_buf_init_obj(), when drm_gpuvm_resv_object_alloc() fails after a buffer object has been allocated, the storage bo is not freed. This creates an ownership ambiguity because xe_bo_init_locked() (called by xe_dma_buf_init_obj()) frees the bo on its own errors, but xe_dma_buf_init_obj() did not do so for its independent failure paths. The fix adds xe_bo_free(storage) before returning errors and includes comments clarifying that on success, ownership transfers to the returned drm_gem_object, while on failure, the function must free storage before returning. The commits referenced are stable kernel backports of the original fix (78a6c5f899f22338bbf48b44fb8950409c5a69b9).
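The ownership rule described above, modelled in userspace C as an added example (it is not the kernel's drm/xe code and not part of the advisory). The names bo_alloc, bo_free, bo_init, init_obj and leaked_after are hypothetical stand-ins, and the fixed flag switches between the pre-fix and corrected error paths.

```c
/* Userspace model of the ownership rule. All names are hypothetical
 * stand-ins for illustration, not the kernel's drm/xe code. */
#include <stdlib.h>

struct bo { int ready; };
static int live_bos;    /* outstanding bos, for leak accounting */
static int resv_slot;   /* stands in for the reservation object */

static struct bo *bo_alloc(void)
{
    struct bo *bo = calloc(1, sizeof(*bo));
    if (bo) live_bos++;
    return bo;
}
static void bo_free(struct bo *bo) { free(bo); live_bos--; }

/* Inner init: frees bo itself when it fails, as the page describes. */
static struct bo *bo_init(struct bo *bo, int fail)
{
    if (fail) { bo_free(bo); return NULL; }
    bo->ready = 1;
    return bo;
}

/* Wrapper. Success: ownership of storage moves to the returned object.
 * Failure: storage must be freed before returning.
 * fixed = 0 models the pre-fix error path, fixed = 1 the corrected one. */
static struct bo *init_obj(struct bo *storage, int fail_resv, int fail_init, int fixed)
{
    int *resv = fail_resv ? NULL : &resv_slot;  /* allocation that can fail */
    if (!resv) {
        if (fixed) bo_free(storage);            /* the added cleanup */
        return NULL;
    }
    return bo_init(storage, fail_init);
}

/* Run one scenario; return how many bos are still allocated afterwards. */
int leaked_after(int fail_resv, int fail_init, int fixed)
{
    live_bos = 0;
    struct bo *storage = bo_alloc();
    if (!storage) return -1;
    struct bo *obj = init_obj(storage, fail_resv, fail_init, fixed);
    if (obj) bo_free(obj);      /* success: caller owns the result */
    int leaked = live_bos;
    if (leaked) free(storage);  /* reclaim so the model itself stays clean */
    return leaked;
}
```

Only the combination of a reservation failure and the pre-fix path leaves a bo outstanding; the inner-init failure case stays at zero in both variants because that function already frees what it was given.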
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates containing the fix commits when available from your Linux distribution
- Monitor stable kernel releases for backports of the drm/xe fix
- Review systems using Intel Xe graphics for unusual memory consumption patterns in GPU workloads
- Consider enabling kernel memory debugging in test environments (kmemleak for leaks, KASAN for memory-safety errors) to catch similar issues
Evidence notes
The vulnerability description is sourced from the official CVE record published by CVE.org and mirrored in NVD. The fix is documented in Linux kernel stable branch commits. No CVSS score or severity rating has been assigned as of the CVE publication date. The vendor identification is marked low confidence and requires review, though the affected component (drm/xe) clearly indicates Intel Xe graphics driver code in the Linux kernel.
Official resources
- CVE-2026-46224 CVE record: CVE.org
- CVE-2026-46224 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-05-28