CVE-2026-23038

Summary

In the Linux kernel, the following vulnerability has been resolved:

pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()

In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak.

Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < e2dde5dafb80f1af4028ed10ad255f42af71c784affected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < 27c90d8ed81e7a289c9fe41b5e31d8bb609a3385affected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < 34b9dd179818ff7af2b36410985fd8166573c62daffected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < 869862056e100973e76ce9f5f1b01837771b7722affected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < 86da7efd12295a7e2b4abde5e5984c821edd938faffected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < ed5d3f2f6885eb99f729e6ffd946e3aa058bd3ebaffected
LinuxLinuxd67ae825a59d639e4d8b82413af84d854617a87e < 0c728083654f0066f5e10a1d2b0bd0907af19a58affected
LinuxLinux4.0affected
LinuxLinux0 < 4.0unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.67 <= 6.12.*unaffected
LinuxLinux6.18.7 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References