{"id":"CVE-2026-46201","summary":"drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()\n\nWhen xe_dma_buf_init_obj() fails, the attachment from\ndma_buf_dynamic_attach() is not detached. Add dma_buf_detach() before\nreturning the error. Note: we cannot use goto out_err here because\nxe_dma_buf_init_obj() already frees bo on failure, and out_err would\ndouble-free it.\n\n(cherry picked from commit a828eb185aac41800df8eae4b60501ccc0dbbe51)","modified":"2026-07-08T08:09:41.200879219Z","published":"2026-05-28T09:40:17.964Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46201.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0afa8b1ef582ecf6fb04097fd356f8741e5005ed"},{"type":"WEB","url":"https://git.kernel.org/stable/c/111ab678471bf1f90d078d5513bb086b70596c3c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d394669e194936d7ce15284a24a5ae334c4c5b74"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eea1e10f8d99c0f04deef707c99705b94bba3b78"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46201.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46201"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"dd08ebf6c3525a7ea2186e636df064ea47281987"},{"fixed":"d394669e194936d7ce15284a24a5ae334c4c5b74"},{"fixed":"0afa8b1ef582ecf6fb04097fd356f8741e5005ed"},{"fixed":"eea1e10f8d99c0f04deef707c99705b94bba3b78"},{"fixed":"111ab678471bf1f90d078d5513bb086b70596c3c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46201.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.8.0"},{"fixed":"6.12.90"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.32"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46201.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}