AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-46224: In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on all

infovulnerability

security

Source: NVD/CVE DatabaseMay 28, 2026CVE-2026-46224

Summary

A vulnerability in the Linux kernel's graphics driver (drm/xe) causes a memory leak when allocating GPU buffer objects fails. Specifically, when drm_gpuvm_resv_object_alloc() encounters an error, the pre-allocated storage buffer object (bo, a chunk of GPU memory) is not properly freed, wasting memory resources.

Solution / Mitigation

Add xe_bo_free(storage) before returning the error in xe_dma_buf_init_obj(). Additionally, add comments documenting ownership semantics to clarify that on success, ownership transfers to the returned drm_gem_object, and on failure, storage is freed before returning. This fix was applied in commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

May 28, 2026

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46224

First tracked: May 28, 2026 at 08:08 AM

Classified by LLM (prompt v3) · confidence: 95%