Is there a patch available for CVE-2026-23260?

Yes, a patch is available for CVE-2026-23260. Update the affected software to the latest version immediately.

Linux Kernel CVE-2026-23260

EUVD-2026-12894

2026-03-18 Linux

Denial Of Service Linux Memory Corruption Debian Linux Kernel

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 18:00 euvd

EUVD-2026-12894

Analysis Generated

Mar 18, 2026 - 18:00 vuln.today

CVE Published

Mar 18, 2026 - 17:41 nvd

N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: free entry on mas_store_gfp() failure

regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory.

Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

AnalysisAI

A memory leak vulnerability exists in the Linux kernel's regmap maple tree caching implementation where allocated memory is not freed when the mas_store_gfp() function fails during a write operation. This affects all Linux kernel versions containing the vulnerable regcache_maple_write() function, potentially allowing local attackers to exhaust kernel memory through repeated cache write failures. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

Vendor StatusVendor

Debian

linux

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	5.10.223-1	-
bullseye (security)	vulnerable	5.10.251-1	-
bookworm	vulnerable	6.1.159-1	-
bookworm (security)	vulnerable	6.1.164-1	-
trixie	fixed	6.12.73-1	-
trixie (security)	fixed	6.12.74-2	-
forky	fixed	6.19.6-2	-
sid	fixed	6.19.8-1	-
(unstable)	fixed	6.18.10-1	-

CVE-2026-23260 vulnerability details – vuln.today

Back