CVE Catalog

CVE-2026-52904

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel's Nouveau driver, a memory leak occurs when aperture_remove_conflicting_pci_devices() fails during probe. The error path does not properly release the nvkm_device structure, leaking both the device wrapper and the pci_enable_device() reference.

Risk Assessment

This memory leak can gradually exhaust system resources, potentially destabilizing servers or workstations with NVIDIA graphics cards.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit that jumps to the fail_nvkm label to properly release resources).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just allocated by nvkm_device_pci_new(). This leaks both the device wrapper and the pci_enable_device() reference taken inside it. Jump to the existing fail_nvkm label so nvkm_device_del() runs and balances both. The leak was introduced when the intermediate nvkm_device_del() between detection and aperture removal was dropped in favor of creating the pci device once.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS