Skip to main content

Linux CVE-2026-23256

| EUVDEUVD-2026-12887 MEDIUM
Off-by-one Error (CWE-193)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 00:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12887
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:41 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i down to 0.

Compile tested only. Issue found using code review.

AnalysisAI

This vulnerability is an off-by-one error in the Linux kernel's liquidio driver that causes a memory leak during virtual function (VF) setup failure cleanup. The vulnerability affects the Linux kernel across all versions where the liquidio net driver is compiled, as identified through the affected CPE (cpe:2.3:a:linux:linux). While this is a memory leak rather than a direct code execution vulnerability, it can be exploited to exhaust kernel memory resources, leading to denial of service.

Technical ContextAI

The liquidio driver is a network driver in the Linux kernel responsible for managing Cavium LiquidIO network adapters. The vulnerability exists in the setup_nic_devices() function where failure handling uses a while(i--) cleanup loop that incorrectly skips the device at index i, the one that actually failed initialization. This is a classic off-by-one error (CWE-193 equivalent) where the loop condition causes the first device in the cleanup sequence to be skipped, leaving allocated resources unreleased. The affected CPE cpe:2.3:a:linux:linux indicates this impacts the core Linux kernel itself. The driver is commonly used in data center and high-performance computing environments where LiquidIO network adapters are deployed.

RemediationAI

Apply the kernel patches available from the Linux kernel stable tree (referenced commits: bd680e56e316be92c01568be98d85d7a6c9bd92c and related backports). Update the Linux kernel to a version incorporating one of the provided patch commits. Until patching is possible, monitor kernel memory usage on systems with liquidio adapters during VF setup operations, and restart affected services gracefully to clear any leaked memory. For production systems, prioritize patching the kernel as part of the next scheduled maintenance window, as the fix is relatively low-risk (compile-tested only according to the patch notes) and addresses a real resource leak in the network driver subsystem.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye fixed 5.10.251-1 -
bullseye (security) fixed 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23256 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy