CVE-2026-23257

Enriched by CISA

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.
https://nvd.nist.gov/vuln/detail/CVE-2026-23257

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963
https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f
https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769
https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d
https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815
https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932
https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99

AFFECTED (from MITRE)

Vendor	Product	Versions
Linux	Linux	f21fb3ed364bb83533c5efe19354e337ea9ecda9 < af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < d86c58eb005eb99da402452f3db7a6e0eae32815 [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < f1216b80c9040a904d2ad7c8cd24ca0ff1f36932 [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < a0d2389c8cdc1f05de5eb8663bffe9ed05dca769 [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < f86bd16280a0f88b538394e0565c56ce4756da99 [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < 293eaad0d6d6b2a37a458c7deb7be345349cd963 [affected] f21fb3ed364bb83533c5efe19354e337ea9ecda9 < 8558aef4e8a1a83049ab906d21d391093cfa7e7f [affected]
Linux	Linux	4.2 [affected] < 4.2 [unaffected] 5.10.250 ≤ 5.10.* [unaffected] 5.15.200 ≤ 5.15.* [unaffected] 6.1.163 ≤ 6.1.* [unaffected] 6.6.124 ≤ 6.6.* [unaffected] 6.12.70 ≤ 6.12.* [unaffected] 6.18.10 ≤ 6.18.* [unaffected] 6.19 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 5.10.250
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 5.15.200
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 6.1.163
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 6.6.124
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 6.12.70
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 6.18.10
cpe:2.3:o:linux:linux_kernel::::::::	>= 4.2	< 6.19

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee