CVE-2026-23065 in Linux
Summary
by MITRE • 02/04/2026
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd: Fix memory leak in wbrf_record()
The tmp buffer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes a memory leak in the error path.
Fix this by explicitly freeing the tmp buffer in the error handling path of acpi_evaluate_dsm().
Analysis
by VulDB Data Team • 04/30/2026
The vulnerability CVE-2026-23065 represents a memory leak in the Linux kernel's AMD platform driver component, specifically within the wbrf_record() function located in the platform/x86/amd subsystem. This flaw demonstrates a classic resource management error where allocated memory is not properly released during error conditions, creating a persistent memory leak that can accumulate over time and potentially impact system stability. The issue occurs in the context of ACPI (Advanced Configuration and Power Interface) device state management where the kernel attempts to evaluate device state methods through the acpi_evaluate_dsm() function. The vulnerability is categorized under CWE-401 as a failure to release memory resources, which is a fundamental memory management flaw that can lead to resource exhaustion and system degradation.
The technical implementation of this vulnerability involves the allocation of a temporary buffer using the kcalloc() kernel memory allocator, which is a standard function for allocating and zero-initializing memory blocks in kernel space. When the acpi_evaluate_dsm() function encounters an error condition and returns failure, the code path does not include explicit cleanup of the previously allocated tmp buffer. This creates a memory leak scenario where the kernel allocates memory for the temporary buffer but fails to deallocate it, leaving the memory inaccessible to other kernel components while the system continues to operate. The error handling path lacks the necessary cleanup routine that would typically call kfree() or a similar deallocation function to release the memory back to the kernel's memory pool.
The operational impact of this memory leak, while seemingly minor at the individual instance level, can compound over extended system uptime and repeated error conditions. In systems with frequent ACPI operations or those that experience regular device state transitions, the accumulation of leaked memory can gradually reduce available system resources, potentially leading to performance degradation or, in extreme cases, system instability. The vulnerability affects systems running Linux kernels with AMD platform support where the wbrf_record() function is invoked, particularly in server or workstation environments where ACPI functionality is actively utilized. This type of memory leak can be particularly problematic in embedded systems or virtualized environments where memory resources are constrained and efficient resource utilization is critical for maintaining system performance and reliability.
Mitigation strategies for this vulnerability focus on implementing proper error handling and resource cleanup procedures within the kernel code. The fix involves modifying the error handling path of the wbrf_record() function to explicitly call kfree() on the tmp buffer when acpi_evaluate_dsm() fails, ensuring that all allocated resources are properly released regardless of execution path. This approach aligns with the ATT&CK framework's defense evasion techniques by preventing resource exhaustion attacks that could be leveraged to cause system instability. System administrators should prioritize applying the kernel patch that implements this fix, as it addresses a fundamental memory management issue that could be exploited in prolonged system operation scenarios. The fix also demonstrates best practices for kernel development, emphasizing the importance of defensive programming and ensuring that all code paths properly handle resource allocation and deallocation to prevent memory leaks that could compromise system integrity and performance over time.
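The leak and its fix as described above, modelled in userspace C as an added example (it is not the kernel source and not code from the original page). model_kcalloc(), model_kfree(), model_evaluate_dsm(), record_leaky() and record_fixed() are hypothetical stand-ins; only the control flow follows the description, and a counter tracks buffers that were allocated but never released.

```c
/* Added userspace model, not the kernel's wbrf_record(); all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

static long live_bufs;                     /* buffers currently outstanding */
static void *model_kcalloc(size_t n, size_t size) {
    void *p = calloc(n, size);
    if (p) live_bufs++;
    return p;
}
static void model_kfree(void *p) { if (p) live_bufs--; free(p); }
/* Stand-in for acpi_evaluate_dsm(): NULL models the failure case. */
static void *model_evaluate_dsm(int fail) { return fail ? NULL : model_kcalloc(1, 16); }

/* 'Before' shape: the failure branch returns while tmp is still allocated. */
static int record_leaky(size_t nranges, int dsm_fails) {
    unsigned int *tmp = model_kcalloc(nranges, sizeof(*tmp));
    if (!tmp) return -1;
    void *obj = model_evaluate_dsm(dsm_fails);
    if (!obj) return -2;                   /* tmp is never released */
    model_kfree(obj);
    model_kfree(tmp);
    return 0;
}

/* 'After' shape: tmp is freed explicitly in the failure branch. */
static int record_fixed(size_t nranges, int dsm_fails) {
    unsigned int *tmp = model_kcalloc(nranges, sizeof(*tmp));
    if (!tmp) return -1;
    void *obj = model_evaluate_dsm(dsm_fails);
    if (!obj) {
        model_kfree(tmp);                  /* the added release */
        return -2;
    }
    model_kfree(obj);
    model_kfree(tmp);
    return 0;
}

/* Run fn `calls` times with the DSM step failing; return buffers leaked. */
static long leaked_after(int (*fn)(size_t, int), int calls) {
    long before = live_bufs;
    for (int i = 0; i < calls; i++) fn(8, 1);
    return live_bufs - before;
}

int main(void) {
    printf("leaky=%ld fixed=%ld buffers outstanding\n",
           leaked_after(record_leaky, 1000), leaked_after(record_fixed, 1000));
    return 0;
}
```

On a kernel built with CONFIG_DEBUG_KMEMLEAK, unreferenced allocations of this kind are reported through /sys/kernel/debug/kmemleak.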