In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau: fix nvkm_device leak on aperture removal failure
When apertureremoveconflictingpcidevices() fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcinew(). This leaks both the device wrapper and the pcienabledevice() reference taken inside it.
Jump to the existing failnvkm label so nvkmdevicedel() runs and balances both. The leak was introduced when the intermediate nvkmdevice_del() between detection and aperture removal was dropped in favor of creating the pci device once.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52904.json"
}