CVE-2026-23034
Vulnerability Scoring
Analysis In Progress
CVE-2026-23034 Vulnerability Analysis & Exploit Details
CVE-2026-23034
Attack Complexity Details
-
Attack Complexity:
Attack Complexity Analysis In Progress
-
Attack Vector:
Attack Vector Under Analysis
-
Privileges Required:
None
No authentication is required for exploitation.
-
Scope:
Impact is confined to the initially vulnerable component.
-
User Interaction:
None
No user interaction is necessary for exploitation.
CVE-2026-23034 Details
Status: Received on 31 Jan 2026, 12:16 UTC
Published on: 31 Jan 2026, 12:16 UTC
CVSS Release:
CVE-2026-23034 Vulnerability Summary
CVE-2026-23034: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference. When the queue is destroyed, we free the fence driver and its xarray, but we forgot to drop the last_fence reference. Because of the missing dma_fence_put(), the last fence object can stay alive when the driver unloads. This leaves an allocated object in the amdgpu_userq_fence slab cache and triggers This is visible during driver unload as: BUG amdgpu_userq_fence: Objects remaining on __kmem_cache_shutdown() kmem_cache_destroy amdgpu_userq_fence: Slab cache still has objects Call Trace: kmem_cache_destroy amdgpu_userq_fence_slab_fini amdgpu_exit __do_sys_delete_module Fix this by putting userq->last_fence and clearing the pointer during amdgpu_userq_fence_driver_free(). This makes sure the fence reference is released and the slab cache is empty when the module exits. v2: Update to only release userq->last_fence with dma_fence_put() (Christian) (cherry picked from commit 8e051e38a8d45caf6a866d4ff842105b577953bb)
Assessing the Risk of CVE-2026-23034
Access Complexity Graph
The exploitability of CVE-2026-23034 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).
Exploitability Analysis for CVE-2026-23034
No exploitability data is available for CVE-2026-23034.
Understanding AC and PR
A lower complexity and fewer privilege requirements make exploitation easier. Security teams should evaluate these aspects to determine the urgency of mitigation strategies, such as patch management and access control policies.
Attack Complexity (AC) measures the difficulty in executing an exploit. A high AC means that specific conditions must be met, making an attack more challenging, while a low AC means the vulnerability can be exploited with minimal effort.
Privileges Required (PR) determine the level of system access necessary for an attack. Vulnerabilities requiring no privileges are more accessible to attackers, whereas high privilege requirements limit exploitation to authorized users with elevated access.
CVSS Score Breakdown Chart
Above is the CVSS Sub-score Breakdown for CVE-2026-23034, illustrating how Base, Impact, and Exploitability factors combine to form the overall severity rating. A higher sub-score typically indicates a more severe or easier-to-exploit vulnerability.
CIA Impact Analysis
Below is the Impact Analysis for CVE-2026-23034, showing how Confidentiality, Integrity, and Availability might be affected if the vulnerability is exploited. Higher values usually signal greater potential damage.
-
Confidentiality:
None
CVE-2026-23034 does not compromise confidentiality.
-
Integrity:
None
CVE-2026-23034 does not impact data integrity.
-
Availability:
None
CVE-2026-23034 does not affect system availability.
CVE-2026-23034 References
External References
- https://git.kernel.org/stable/c/b2426a211dba6432e32a2e70e9183c6e134475c6
- https://git.kernel.org/stable/c/e1a30e1ab33fc522785d04bbf7e1b13a5c5c9175
CWE Common Weakness Enumeration
Unknown
Protect Your Infrastructure against CVE-2026-23034: Combat Critical CVE Threats
Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.
Other 5 Recently Published CVEs Vulnerabilities
- CVE-2026-25253 – OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection w...
- CVE-2026-1733 – A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/de...
- CVE-2020-37064 – EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potential...
- CVE-2020-37063 – TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated...
- CVE-2020-37062 – DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting ...