VYPR
High severity7.0NVD Advisory· Published Jan 25, 2026· Updated Apr 3, 2026

CVE-2026-23013

CVE-2026-23013

Description

In the Linux kernel, the following vulnerability has been resolved:

net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback

octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set to 'oct', which does not match the original dev_id and may leave the irqaction registered.

This can keep IRQ handlers alive while ioq_vector is later freed during unwind/teardown, leading to a use-after-free or crash when an interrupt fires.

Fix the error path to free IRQs with the same ioq_vector dev_id used during request_irq().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Linux/Kernel11 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.9.1,<6.12.67
    • cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*
    • (no CPE)range: including 6.12-rc and later 6.12 stable (see stable backport)
  • osv-coords
    Range: >= 6.9.0, < 6.12.67

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.