Skip to main content

Linux CVE-2026-23257

| EUVDEUVD-2026-12888 MEDIUM
Off-by-one Error (CWE-193)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
3.3 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 00:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12888
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:41 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i down to 0.

Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index.

Compile tested only. Issue found using code review.

AnalysisAI

A memory leak vulnerability exists in the Linux kernel's liquidio network driver within the setup_nic_devices() function, where an off-by-one error in the cleanup loop causes failure to deallocate the last successfully allocated device during error handling. The vulnerability affects Linux kernel versions across multiple stable branches (as evidenced by patches in 4.9, 4.14, 4.19, 5.4, 5.10, 5.15, and 5.16 stable trees per the kernel.org references). While this is a local denial-of-service vector through memory exhaustion rather than a direct code execution path, it could be leveraged by unprivileged users to degrade system stability over time.

Technical ContextAI

The liquidio driver (Cavium LiquidIO) is a network interface driver for specialized hardware, integrated into the Linux kernel networking subsystem. The vulnerability resides in the PF (Physical Function) device setup code where multiple network devices are initialized in a loop. When allocation fails at index i, the cleanup path (setup_nic_dev_free label) uses a while(i--) loop that performs a post-decrement, causing iteration to skip index i itself—the last allocated device—before the decrement occurs. This is a classic off-by-one error (CWE-193 equivalent pattern). The affected products are defined by CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, indicating all Linux kernel versions are technically in scope, but the actual impact is limited to systems with liquidio hardware/drivers enabled.

RemediationAI

Apply the kernel patch from the appropriate stable branch at https://git.kernel.org/stable/ by upgrading to the latest kernel version in your branch (5.16.x, 5.15.x, 5.10.x, 5.4.x, 4.19.x, 4.14.x, or 4.9.x depending on your distribution support window). The fix modifies the cleanup loop in setup_nic_devices() to iterate from index i down to 0 without skipping, and decrements i in the devlink_alloc failure path to correctly identify the last allocated device. For distributions, contact your vendor (e.g., Red Hat, Canonical, SUSE) for backported kernel updates. If immediate patching is not feasible, mitigate by disabling the liquidio driver module (modprobe -r liquidio) if not required, or limiting driver initialization attempts to avoid triggering the failure path. Systems without Cavium LiquidIO hardware are unaffected and do not require priority patching.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye fixed 5.10.251-1 -
bullseye (security) fixed 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23257 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy