Vulnerability Lookup

🛡️ CVE-2026-23164

🟡 CVSS 5.5 — Medium ✅ No Known Exploit CWE-401 NVD

5.5

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rocker_world_port_post_fini() In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with kzalloc(wops->port_priv_size, GFP_KERNEL). However, in rocker_world_port_post_fini(), the memory is only freed when wops->port_post_fini callback is set: if (!wops->port_post_fini) return; wops->port_post_fini(rocker_port); kfree(rocker_port->wpriv); Since rocker_ofdpa_ops does not implement port_post_fini callback (it is NULL), the wpriv memory allocated for each port is never freed when ports are removed. This leads to a memory leak of sizeof(struct ofdpa_port) bytes per port on every device removal. Fix this by always calling kfree(rocker_port->wpriv) regardless of whether the port_post_fini callback exists.

Details

Severity MEDIUM

CVSS Score 5.5

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE CWE-401

Public Exploit ✅ No

Source NVD

Published 2026-02-14

Updated 2026-06-02

Modified 2026-03-18

Fix URL https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3

Affected Packages

Software	From version	Fixed in
linux-kernel	—	—

References

Patch https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3

Patch https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887

Patch https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0

Patch https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7

Patch https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566

Patch https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1

Patch https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Help block exploit attempts

Company

Resources

Services

Trusted

Subscribe