CVE-2026-23464

Summary

In the Linux kernel, the following vulnerability has been resolved:

soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()

In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak.

Fix this by jumping to the out_free label to ensure the memory is properly freed.

Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux742aa6c563d29c367edbf0ef7236a7a853ed9be4 < da4b44c42f40501db35f5d0a6243708a061490a0affected
LinuxLinux742aa6c563d29c367edbf0ef7236a7a853ed9be4 < e3dd5cffba07de6574165a72851471cd42cc6d15affected
LinuxLinux742aa6c563d29c367edbf0ef7236a7a853ed9be4 < 17c84fb7cf3971cc621646185d785670e9530ca1affected
LinuxLinux742aa6c563d29c367edbf0ef7236a7a853ed9be4 < 5a741f8cc6fe62542f955cd8d24933a1b6589cbdaffected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.18.20 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References