CVE-2026-23026

dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()

Description

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review.

INFO

Published Date :

2026-01-31T11:42:05.185Z

Last Modified :

2026-02-09T08:37:20.372Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2026-23026 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23026.

URL	Resource
https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8
https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728
https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2
https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85
https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7
https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af
https://lore.kernel.org/linux-cve-announce/2026013119-CVE-2026-23026-5ca7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23026
https://www.cve.org/CVERecord?id=CVE-2026-23026

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact