CVE-2026-23026
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/01/2026
Last modified:
06/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()<br />
<br />
Fix a memory leak in gpi_peripheral_config() where the original memory<br />
pointed to by gchan->config could be lost if krealloc() fails.<br />
<br />
The issue occurs when:<br />
1. gchan->config points to previously allocated memory<br />
2. krealloc() fails and returns NULL<br />
3. The function directly assigns NULL to gchan->config, losing the<br />
reference to the original memory<br />
4. The original memory becomes unreachable and cannot be freed<br />
<br />
Fix this by using a temporary variable to hold the krealloc() result<br />
and only updating gchan->config when the allocation succeeds.<br />
<br />
Found via static analysis and code review.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/01b1d781394fc9b83015e3a3cd46b17bda842bd8
- https://git.kernel.org/stable/c/3f747004bbd641131d9396d87b5d2d3d1e182728
- https://git.kernel.org/stable/c/4532f18e4ab36def1f55cd936d0fc002b2ce34c2
- https://git.kernel.org/stable/c/55a67ba5ac4cebfd54cc8305d4d57a0f1dfe6a85
- https://git.kernel.org/stable/c/694ab1f6f16cb69f7c5ef2452b22ba7b00a3c7c7
- https://git.kernel.org/stable/c/6bf4ef078fd11910988889a6c0b3698d2e0c89af