CVE & CISA-KEV Catalog

CVE-2026-52904

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just allocated by nvkm_device_pci_new(). This leaks both the device wrapper and the pci_enable_device() reference taken inside it. Jump to the existing fail_nvkm label so nvkm_device_del() runs and balances both. The leak was introduced when the intermediate nvkm_device_del() between detection and aperture removal was dropped in favor of creating the pci device once.

How to fix

Remediation Available
linuxDebian
Fixed in:6.12.86-1CVE-2026-52904
Fixed in:7.0.4-1CVE-2026-52904

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.16%probability of exploitation in 30 days
5thpercentile

Low risk: more likely to be exploited than 5% of all known CVEs.

References

Embed a live status badge for CVE-2026-52904
CVE-2026-52904 severity badge

Markdown

[![CVE-2026-52904](https://tridentstack.com/cve/badge/CVE-2026-52904.svg)](https://tridentstack.com/cve/CVE-2026-52904)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-52904"><img src="https://tridentstack.com/cve/badge/CVE-2026-52904.svg" alt="CVE-2026-52904"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-17.