Unrated severityNVD Advisory· Published Feb 14, 2026

interconnect: debugfs: initialize src_node and dst_node to empty strings

CVE-2026-23123

Description

In the Linux kernel, the following vulnerability has been resolved:

The debugfs_create_str() API assumes that the string pointer is either NULL or points to valid kmalloc() memory. Leaving the pointer uninitialized can cause problems.

Initialize src_node and dst_node to empty strings before creating the debugfs entries to guarantee that reads and writes are safe.

Affected products

Linux/Kernelllm-fuzzy
Linux/Linuxv5
Range: 6.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/stable/c/5d7c7e1fb3ec24fdd0f9faa27b666d6789e891e8mitre
git.kernel.org/stable/c/8cc27f5c6dd17dd090f3a696683f04336c162ff5mitre
git.kernel.org/stable/c/935d0938b570589c8b0a1733d2cba3c39d027f25mitre
git.kernel.org/stable/c/aa79a5a959c7c414bd6fba01ea8dbaddd44f13e7mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000