Skip to main content

Linux CVE-2026-23260

| EUVDEUVD-2026-12894 MEDIUM
Memory Leak (CWE-401)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 19:07 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12894
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:41 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: free entry on mas_store_gfp() failure

regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory.

Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

AnalysisAI

A memory leak vulnerability exists in the Linux kernel's regmap maple tree caching implementation where allocated memory is not freed when the mas_store_gfp() function fails during a write operation. This affects all Linux kernel versions containing the vulnerable regcache_maple_write() function, potentially allowing local attackers to exhaust kernel memory through repeated cache write failures. While no CVSS score or EPSS data is currently available, the vulnerability has been assigned CVE-2026-23260 and multiple stable kernel patches are available, indicating this is a recognized and actively addressed issue.

Technical ContextAI

The vulnerability resides in the regmap (register map) subsystem of the Linux kernel, specifically in the maple tree-based register cache implementation (regcache_maple_write function). The regmap framework provides an abstraction layer for hardware register access, with caching mechanisms to optimize I/O operations. The maple tree is a modern data structure used for efficient range management in the kernel. When regcache_maple_write() attempts to merge adjacent register ranges, it allocates a new memory block ('entry') and attempts to store it using mas_store_gfp(). The root cause is improper error handling (CWE-401: Missing Release of Memory After Effective Lifetime) where the newly allocated entry is not freed when mas_store_gfp() fails, while the code correctly frees previously replaced neighbor blocks ('lower' and 'upper') on the success path. This affects the Linux kernel across all versions implementing this vulnerable pattern, as identified by CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*.

RemediationAI

Update the Linux kernel to a version containing one of the published patches (commits d61171cf097156030142643942c217759a9cc806, 811b45e2d795d955bb7fd9c816b40036f4fde350, f08f2d2907675926ac5657b25f86d921f269602a, or f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8 from https://git.kernel.org/stable/). The fix involves adding explicit memory deallocation for the 'entry' variable on the mas_store_gfp() failure path before returning the error. For systems unable to immediately apply kernel updates, monitor kernel memory usage and watch for signs of memory pressure in the regmap subsystem, and consider limiting register cache write operations if feasible in your hardware configuration. The patches are available through standard Linux distribution kernel update mechanisms.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

SUSE

Severity: Medium
Product Status
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.145 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.132 Affected
Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.162 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.132 Affected
Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.176 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.125 Affected
Image SLES-Azure-Basic Image SLES-EC2 Image SLES-Hardened-BYOS-Azure Image SLES-SAPCAL-Azure Affected
SUSE Linux Micro 6.2 Fixed

Share

CVE-2026-23260 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy