CVE-2026-23087 in Linux
Summary
by MITRE • 02/04/2026
In the Linux kernel, the following vulnerability has been resolved:
scsi: xen: scsiback: Fix potential memory leak in scsiback_remove()
Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove().
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/03/2026
This vulnerability exists within the Linux kernel's SCSI subsystem, specifically in the xen hypervisor backend driver known as scsiback. The issue manifests as a memory management flaw that occurs during the removal of SCSI backend devices in virtualized environments. The vulnerability is classified as a memory leak that can lead to progressive resource exhaustion over time, potentially impacting system stability and performance. The flaw is particularly significant in virtualized deployments where Xen hypervisor is utilized for SCSI storage virtualization.
The technical root cause involves improper memory deallocation within the device removal path of the scsiback driver. During normal operation, the driver allocates memory for a struct vscsiblk_info structure within the scsiback_probe() function to maintain device state information. However, when the device is removed through scsiback_remove(), the allocated memory for this structure is not properly freed, creating a memory leak. This memory leak occurs not only during normal device removal but also in error paths within scsiback_probe() where cleanup operations are insufficient, leading to cumulative memory consumption across multiple device operations.
The operational impact of this vulnerability extends beyond simple memory consumption issues to potentially compromise system stability in virtualized environments. In scenarios where multiple SCSI devices are frequently added and removed, the memory leak can accumulate to significant levels, eventually leading to memory pressure that may cause system slowdowns, application failures, or even system crashes. The vulnerability affects systems using Xen hypervisor with SCSI backend functionality, particularly those managing dynamic storage configurations where devices are regularly hot-plugged or hot-unplugged. This makes the flaw particularly dangerous in cloud computing environments, virtual desktop infrastructures, and any deployment where dynamic storage management is prevalent.
The fix implemented addresses the memory leak by ensuring proper deallocation of the vscsiblk_info structure within the scsiback_remove() function. This remediation aligns with standard memory management best practices and follows the principle of least privilege in resource management. The solution directly addresses the flaw by adding explicit memory freeing operations in the device removal path, preventing the accumulation of unreleased memory objects. Security considerations include the potential for denial of service attacks that could exploit this memory leak to exhaust system resources, particularly in environments where device management is frequent. The vulnerability demonstrates the importance of comprehensive error handling and resource cleanup in kernel drivers, particularly in virtualized environments where resource management becomes more complex. This fix contributes to the overall security posture by preventing potential resource exhaustion attacks and maintaining system stability in virtualized deployments. The remediation approach follows established kernel development practices and aligns with common security guidelines for memory management in operating system components, ensuring that allocated resources are properly released regardless of execution paths taken during device lifecycle operations.