DMA-Buf Attachment Leak in Linux Kernel and Affected Products
CVE-2026-46201

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46201?

A vulnerability exists in the Linux kernel related to the dma-buf subsystem where an attachment leak occurs in the xe_gem_prime_import function. If the xe_dma_buf_init_obj function fails, the dynamically attached buffer is not properly detached, leading to a potential resource leak. This situation could allow unauthorized access or exploitation through the improper management of DMA buffers. The patch addresses the issue by ensuring that dma_buf_detach is invoked in error scenarios to prevent the leak.

Affected Version(s)

Linux dd08ebf6c3525a7ea2186e636df064ea47281987

Linux dd08ebf6c3525a7ea2186e636df064ea47281987 < 0afa8b1ef582ecf6fb04097fd356f8741e5005ed

Linux dd08ebf6c3525a7ea2186e636df064ea47281987

References

https://git.kernel.org/stable/c/d394669e194936d7ce15284a2...

https://git.kernel.org/stable/c/0afa8b1ef582ecf6fb04097fd...

https://git.kernel.org/stable/c/eea1e10f8d99c0f04deef707c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46201 Data

JSON