{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23063","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.953Z","datePublished":"2026-02-04T16:07:45.426Z","dateUpdated":"2026-05-11T21:59:17.047Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:17.047Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: ensure safe queue release with state management\n\nDirectly calling `put_queue` carries risks since it cannot\nguarantee that resources of `uacce_queue` have been fully released\nbeforehand. So adding a `stop_queue` operation for the\nUACCE_CMD_PUT_Q command and leaving the `put_queue` operation to\nthe final resource release ensures safety.\n\nQueue states are defined as follows:\n- UACCE_Q_ZOMBIE: Initial state\n- UACCE_Q_INIT: After opening `uacce`\n- UACCE_Q_STARTED: After `start` is issued via `ioctl`\n\nWhen executing `poweroff -f` in virt while accelerator are still\nworking, `uacce_fops_release` and `uacce_remove` may execute\nconcurrently. This can cause `uacce_put_queue` within\n`uacce_fops_release` to access a NULL `ops` pointer. Therefore, add\nstate checks to prevent accessing freed pointers."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/misc/uacce/uacce.c"],"versions":[{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"b457abeb5d962db88aaf60e249402fd3073dbfab","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"8b57bf1d3b1db692f34bce694a03e41be79f6016","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"336fb41a186e7c0415ae94fec9e23d1f04b87483","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"43f233eb6e7b9d88536881a9bc43726d0e34800d","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"47634d70073890c9c37e39ab4ff93d4b585b028a","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"92e4f11e29b98ef424ff72d6371acac03e5d973c","status":"affected","versionType":"git"},{"version":"015d239ac0142ad0e26567fd890ef8d171f13709","lessThan":"26c08dabe5475d99a13f353d8dd70e518de45663","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/misc/uacce/uacce.c"],"versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","status":"unaffected","versionType":"semver"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.68","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.10.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3073dbfab"},{"url":"https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016"},{"url":"https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483"},{"url":"https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d"},{"url":"https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a"},{"url":"https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c"},{"url":"https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663"}],"title":"uacce: ensure safe queue release with state management","x_generator":{"engine":"bippy-1.2.0"}}}}