CVE-2026-23026
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
In the Linux kernel, a memory leak was found in the gpi_peripheral_config() function of the QCOM GPI DMA driver. The issue occurs when krealloc() returns NULL, causing loss of reference to previously allocated memory.
Risk Assessment
Memory leak may lead to gradual exhaustion of available system memory, potentially causing system crashes or performance degradation in extreme cases.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix that resolves the memory leak in the QCOM GPI dmaengine driver.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue occurs when: 1. gchan->config points to previously allocated memory 2. krealloc() fails and returns NULL 3. The function directly assigns NULL to gchan->config, losing the reference to the original memory 4. The original memory becomes unreachable and cannot be freed Fix this by using a temporary variable to hold the krealloc() result and only updating gchan->config when the allocation succeeds. Found via static analysis and code review.

