CVE-2026-23160

Summary

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: Fix memory leak in octep_device_setup()

In octep_device_setup(), if octep_ctrl_net_init() fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory.

Fix this by jumping to the unsupported_dev label, which performs the necessary cleanup. This aligns with the error handling logic of other paths in this function.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux577f0d1b1c5f3282fa2011177b0af692a7c21aee < 5058d3f8f17202e673f90af1446252322bd0850faffected
LinuxLinux577f0d1b1c5f3282fa2011177b0af692a7c21aee < fdfd28e13c244d7c3345e74f339fd1b67605b694affected
LinuxLinux577f0d1b1c5f3282fa2011177b0af692a7c21aee < d753f3c3f9d7a6e6dbb4d3a97b73007d71624551affected
LinuxLinux577f0d1b1c5f3282fa2011177b0af692a7c21aee < 8016dc5ee19a77678c264f8ba368b1e873fa705baffected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.123 <= 6.6.*unaffected
LinuxLinux6.12.69 <= 6.12.*unaffected
LinuxLinux6.18.9 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References