CVE-2026-23096 in Linux
Summary
by MITRE • 02/04/2026
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix cdev handling in the cleanup path
When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_device_add() and clear uacce->cdev to avoid calling cdev_device_del in the uacce_remove.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/03/2026
The vulnerability identified as CVE-2026-23096 resides within the Linux kernel's uacce (User Access Control Engine) subsystem, representing a critical issue in device character device handling during kernel module cleanup operations. This flaw manifests in the improper management of character device structures when the uacce subsystem encounters errors during device registration. The vulnerability stems from a fundamental race condition and improper state management within the device cleanup path, where the kernel fails to properly coordinate between device addition and removal operations.
The technical root cause of this vulnerability lies in the incorrect handling of return values from the cdev_device_add() function within the uacce subsystem. When cdev_device_add() fails, it automatically releases the associated character device memory resources, but the uacce subsystem continues to attempt cleanup operations through cdev_device_del() without proper state validation. This creates a scenario where the system attempts to operate on already-released memory structures, leading to system hangs and potential kernel crashes. The flaw directly violates proper resource management principles and demonstrates a lack of proper error handling in the device lifecycle management code.
From an operational perspective, this vulnerability presents a significant risk to systems utilizing the uacce subsystem, particularly those implementing hardware acceleration or cryptographic processing capabilities. The hanging behavior can result in complete system unresponsiveness, requiring manual intervention or system reboot to restore normal operation. Attackers could potentially exploit this vulnerability to cause denial of service conditions, effectively rendering systems unavailable to legitimate users. The impact is amplified in embedded systems or server environments where uptime and reliability are critical factors, as the hang condition could persist until manual intervention occurs.
The fix implemented addresses this vulnerability by introducing proper return value checking for cdev_device_add() and ensuring that the uacce->cdev pointer is cleared upon failure. This prevents subsequent cleanup operations from attempting to process already-released resources, thereby avoiding the system hang condition. The solution aligns with established security practices for resource management and error handling within kernel space operations. This vulnerability maps to CWE-457: Use of Uninitialized Variable and CWE-691: Insufficient Control Flow Management, both of which are fundamental security weaknesses in kernel programming that can lead to system instability and potential exploitation.
Security professionals should prioritize this vulnerability for remediation in systems running affected kernel versions, particularly those implementing uacce functionality. The patch demonstrates proper defensive programming techniques that should be adopted across similar subsystems within the Linux kernel ecosystem. Organizations utilizing hardware acceleration or cryptographic services should ensure immediate deployment of patches to prevent potential exploitation. This vulnerability serves as a reminder of the critical importance of proper resource management and error handling in kernel space operations, where improper state management can lead to system-wide stability issues and potential security implications. The ATT&CK framework categorizes this as a system stability compromise technique that could be leveraged in broader attack scenarios targeting system availability and reliability.