VYPR
Medium severity5.5NVD Advisory· Published Mar 18, 2026· Updated May 21, 2026

CVE-2026-23257

CVE-2026-23257

Description

In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i down to 0.

Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index.

Compile tested only. Issue found using code review.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Linux/Kernel11 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.2,<5.10.250
    • cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
    • (no CPE)
    • (no CPE)range: 4.2
  • osv-coords
    Range: >= 4.2.0, < 5.10.250

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.