CVE-2026-23087
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability in the Xen scsiback driver was found where memory allocated for the vscsiblk_info structure in scsiback_probe() is not freed in scsiback_remove() or in error paths of scsiback_probe(), leading to potential memory leaks.
Risk Assessment
Memory leaks can lead to exhaustion of system resources, potentially causing system instability or denial of service (DoS) in Xen environments over time.
Recommendation
Immediately update the Linux kernel to a version containing the fix that frees memory in scsiback_remove() and in the error paths of scsiback_probe().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not freed in scsiback_remove() leading to potential memory leaks on remove, as well as in the scsiback_probe() error paths. Fix that by freeing it in scsiback_remove().

