PatchSiren cyber security CVE debrief
CVE-2026-52976 Linux CVE debrief
CVE-2026-52976 is a HIGH severity vulnerability in the Linux kernel, with a CVSS score of 7.8. The vulnerability exists in the drm/xe component and involves two error handling issues in the xe_exec_queue_create_ioctl() function. An attacker with local access could potentially exploit this vulnerability to gain elevated privileges. The vulnerability was resolved by fixing error cleanup in the xe_exec_queue_create_ioctl() function.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-24
- Original CVE updated: 2026-06-28
- Advisory published: 2026-06-24
- Advisory updated: 2026-06-28
Who should care
Linux kernel developers, Linux distribution maintainers, and organizations using Linux-based systems should be aware of this vulnerability. They should assess their exposure and apply patches or mitigations as necessary. Security teams and administrators responsible for Linux systems should prioritize patching and monitoring for potential exploitation attempts.
Technical summary
The vulnerability is located in the drm/xe component of the Linux kernel. Specifically, it involves two error handling issues in the xe_exec_queue_create_ioctl() function. The first issue occurs when xe_hw_engine_group_add_exec_queue() fails, causing the error path to skip xe_exec_queue_kill(). This can lead to a dangling pointer if the VM is in preempt fence mode. The second issue arises when xa_alloc() fails after xe_hw_engine_group_add_exec_queue() has succeeded, resulting in the queue being freed while still linked into the hw engine group, causing a use-after-free. The fix involves changing the error path for xe_hw_engine_group_add_exec_queue() failure to jump to kill_exec_queue and adding a del_hw_engine_group label for the xa_alloc() failure path.
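The unwind ordering described above, as an added example (a user-space C model written for this page, not the kernel's code and not taken from the advisory). It reports which references would still point at the queue once it is freed, for the pre-fix and fixed error paths. The struct, the enums, the put_exec_queue label, the pre-fix jump target for the xa_alloc() failure, and the modelled effect of the kill step are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of the unwind order only; nothing here is kernel code. */
enum { STALE_VM_REF = 1, STALE_GROUP_REF = 2 };
enum fail_at { FAIL_NONE, FAIL_GROUP_ADD, FAIL_XA_ALLOC };

struct model {
    bool vm_ref;    /* VM still tracks the queue (preempt fence mode) */
    bool group_ref; /* queue still linked into the hw engine group */
};

/* Returns a bitmask of references that outlive the freed queue (0 = clean). */
int create_queue(enum fail_at fail, bool fixed, bool preempt_fence_mode)
{
    struct model q = { .vm_ref = preempt_fence_mode, .group_ref = false };

    if (fail == FAIL_GROUP_ADD) {        /* group add fails */
        if (fixed)
            goto kill_exec_queue;
        goto put_exec_queue;             /* pre-fix: kill step skipped */
    }
    q.group_ref = true;                  /* group add succeeded */

    if (fail == FAIL_XA_ALLOC) {         /* xa_alloc() fails afterwards */
        if (fixed)
            goto del_hw_engine_group;
        goto kill_exec_queue;            /* pre-fix target: assumption */
    }
    return 0;                            /* success: queue stays alive */

del_hw_engine_group:
    q.group_ref = false;                 /* unlink from the group first */
kill_exec_queue:
    q.vm_ref = false;                    /* assumed effect of the kill step */
put_exec_queue:                          /* label name is an assumption */
    return (q.vm_ref ? STALE_VM_REF : 0) | (q.group_ref ? STALE_GROUP_REF : 0);
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++)
        for (int f = FAIL_GROUP_ADD; f <= FAIL_XA_ALLOC; f++)
            printf("fixed=%d fail=%d stale=%d\n", fixed, f,
                   create_queue((enum fail_at)f, fixed, true));
    return 0;
}
```

The labels fall through in reverse order of setup, so each failure point enters the chain at the step that undoes everything completed before it.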
Defensive priority
High priority should be given to patching affected Linux kernel versions. Administrators should ensure that Linux systems are updated with the latest kernel patches. Monitoring for potential exploitation attempts and reviewing system logs for suspicious activity related to the drm/xe component is also recommended.
Recommended defensive actions
- Apply kernel patches for CVE-2026-52976
- Review and update Linux kernel versions
- Monitor system logs for suspicious activity
- Assess exposure and prioritize patching
- Implement compensating controls for Linux systems
Evidence notes
The CVE record and NVD detail provide information on the vulnerability. The CVE record was published on 2026-06-24T17:17:08.183Z and modified on 2026-06-28T08:16:27.417Z. The NVD detail provides additional information on the vulnerability, including its CVSS score and vector.
Official resources
- CVE-2026-52976 CVE record (CVE.org)
- CVE-2026-52976 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article is AI-assisted and based on the supplied source corpus.