CVE-2026-23091 in Linux
Summary
by MITRE • 02/04/2026
In the Linux kernel, the following vulnerability has been resolved:
intel_th: fix device leak on output open()
Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close().
Note that a recent commit fixed the leak in a couple of open() error paths but not all of them, and the reference is still leaking on successful open().
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/03/2026
The vulnerability CVE-2026-23091 addresses a critical resource management issue within the Intel Trace Hub subsystem of the Linux kernel. This flaw specifically affects the intel_th driver which handles Intel's Trace Hub functionality for hardware tracing and debugging purposes. The vulnerability manifests as a device reference leak that occurs during the output device open() operation, representing a classic case of improper resource cleanup that can lead to system instability and resource exhaustion over time.
The technical flaw resides in the improper handling of device references within the intel_th driver's output device open() function. When the driver attempts to look up a trace hub device during the open() operation, it takes a reference to that device but fails to properly release it in all code paths. This issue is particularly insidious because while a recent commit addressed leaks in some error paths during open() operations, it left the reference leak occurring during successful open() operations. The failure to drop the reference during both error conditions and normal close() operations creates a persistent resource leak that accumulates over time as the driver is used.
The operational impact of this vulnerability extends beyond simple resource consumption, as it can lead to system instability and performance degradation. When device references are not properly released, the kernel's reference counting mechanism becomes corrupted, potentially causing the system to exhaust available device references and preventing new trace hub devices from being properly initialized or accessed. This can result in tracing functionality becoming unavailable, which is particularly problematic for debugging and monitoring systems that rely on Intel's hardware tracing capabilities. The vulnerability affects systems using Intel Trace Hub hardware components and could impact production environments where continuous tracing operations are performed.
Mitigation strategies for this vulnerability require immediate kernel updates that implement proper reference counting throughout the intel_th driver's open() and close() operations. System administrators should prioritize applying the patched kernel version that correctly implements reference dropping in all code paths, including both error conditions and successful operations. The fix aligns with best practices for kernel development and follows the principles outlined in CWE-404, which addresses improper resource release or unbalanced resource management. Additionally, this vulnerability demonstrates the importance of comprehensive testing for resource management issues, particularly in drivers that handle hardware tracing functionality, and aligns with ATT&CK technique T1547.001 for privilege escalation through kernel-level resource manipulation. Regular monitoring of system resources and device reference counts should be implemented to detect potential issues with similar resource management flaws in other kernel subsystems.