| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021417-CVE-2026-23160-d1e6@gregkh> Date: Sat, 14 Feb 2026 17:04:26 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2026-23160: octeon_ep: Fix memory leak in octep_device_setup() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix memory leak in octep_device_setup() In octep_device_setup(), if octep_ctrl_net_init() fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumping to the unsupported_dev label, which performs the necessary cleanup. This aligns with the error handling logic of other paths in this function. Compile tested only. Issue found using a prototype static analysis tool and code review. The Linux kernel CVE team has assigned CVE-2026-23160 to this issue. Affected and fixed versions =========================== Issue introduced in 6.4 with commit 577f0d1b1c5f3282fa2011177b0af692a7c21aee and fixed in 6.6.123 with commit 5058d3f8f17202e673f90af1446252322bd0850f Issue introduced in 6.4 with commit 577f0d1b1c5f3282fa2011177b0af692a7c21aee and fixed in 6.12.69 with commit fdfd28e13c244d7c3345e74f339fd1b67605b694 Issue introduced in 6.4 with commit 577f0d1b1c5f3282fa2011177b0af692a7c21aee and fixed in 6.18.9 with commit d753f3c3f9d7a6e6dbb4d3a97b73007d71624551 Issue introduced in 6.4 with commit 577f0d1b1c5f3282fa2011177b0af692a7c21aee and fixed in 6.19 with commit 8016dc5ee19a77678c264f8ba368b1e873fa705b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-23160 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/marvell/octeon_ep/octep_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694 https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551 https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b
Powered by blists - more mailing lists