| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026021419-CVE-2026-23164-9874@gregkh>
Date: Sat, 14 Feb 2026 17:04:30 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2026-23164: rocker: fix memory leak in rocker_world_port_post_fini()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in
rocker_world_port_post_fini(), the memory is only freed when
wops->port_post_fini callback is set:
if (!wops->port_post_fini)
return;
wops->port_post_fini(rocker_port);
kfree(rocker_port->wpriv);
Since rocker_ofdpa_ops does not implement port_post_fini callback
(it is NULL), the wpriv memory allocated for each port is never freed
when ports are removed. This leads to a memory leak of
sizeof(struct ofdpa_port) bytes per port on every device removal.
Fix this by always calling kfree(rocker_port->wpriv) regardless of
whether the port_post_fini callback exists.
The Linux kernel CVE team has assigned CVE-2026-23164 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 5.10.249 with commit 2a3a64d75d2d0727da285749476761ebcad557a3
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 5.15.199 with commit b11e6f926480ab0939fec44781f28558c54be4e7
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 6.1.162 with commit 8ce2e85889939c02740b4245301aa5c35fc94887
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 6.6.123 with commit d448bf96889f1905e740c554780f5c9fa0440566
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 6.12.69 with commit d8723917efda3b4f4c3de78d1ec1e1af015c0be1
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 6.18.9 with commit dce375f4afc348c310d171abcde7ec1499a4c26a
Issue introduced in 4.6 with commit e420114eef4a3a5025a243b89b0dc343101e3d3c and fixed in 6.19 with commit 8d7ba71e46216b8657a82ca2ec118bc93812a4d0
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2026-23164
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/rocker/rocker_main.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3
https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7
https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887
https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566
https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1
https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a
https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0
Powered by blists - more mailing lists