Linux Kernel Vulnerability Involving Exec Queue Creation Failure
CVE-2026-23350

7.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 March 2026

What is CVE-2026-23350?

A vulnerability in the Linux kernel stems from improper management of exec queues on the creation failure path, which can lead to invalid memory references. The issue arises when the fini function is not called after an exec queue has been initialized and creation then fails. Skipping fini means the queue is not removed from the GuC list during guc_id allocation, so a damaged queue can remain in the exec_queue_lookup list. Any later use of that entry can result in invalid memory accesses that may compromise system stability. The fix ensures that fini is called whenever queue initialization fails, so that internal LRCs are not released without the associated resources being properly cleaned up.

Affected Version(s)

Linux 3c1fa4aa60b146d1fa73b2b87064303f8e4b7952

Linux 3c1fa4aa60b146d1fa73b2b87064303f8e4b7952 < 99f9b5343cae80eb0dfe050baf6c86d722b3ba2e

Linux 6.19

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
