Skip to main content

Linux CVE-2026-23464

| EUVDEUVD-2026-18728 MEDIUM
Memory Leak (CWE-401)
2026-04-03 Linux GHSA-45hw-xggf-p88g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 20, 2026 - 15:22 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
17c84fb7cf3971cc621646185d785670e9530ca1,5a741f8cc6fe62542f955cd8d24933a1b6589cbd
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18728
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()

In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak.

Fix this by jumping to the out_free label to ensure the memory is properly freed.

Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.

AnalysisAI

Memory leak in Linux kernel Microchip MPFS system controller driver (mpfs_sys_controller_probe) allows local attackers to exhaust kernel memory by repeatedly triggering the MTD device lookup failure path, eventually causing denial of service through memory exhaustion.

Technical ContextAI

The vulnerability exists in the Microchip PolarFire SoC (MPFS) system controller probe function within the Linux kernel's soc/microchip/mpfs driver. The code allocates memory for a sys_controller structure but fails to deallocate it when of_get_mtd_device_by_node() returns an error. Similarly, error handling for mbox_request_channel() failure also bypasses proper cleanup. The root cause is improper control flow in error handling paths (CWE-401: Missing Release of Memory after Effective Lifetime), where early function returns occur without executing cleanup code. The fix consolidates error handling by introducing an out_free label that ensures sys_controller memory is properly freed via kfree() before returning to the caller, regardless of which failure path is taken.

RemediationAI

Update the Linux kernel to a version containing one of the provided stable commits. Apply the patch from https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0 or subsequent stable backports listed in the references. The fix consolidates error handling paths by introducing an out_free label that properly frees allocated sys_controller memory before returning on error conditions from both of_get_mtd_device_by_node() and mbox_request_channel() failures. For systems unable to immediately update, disable the Microchip MPFS system controller driver (CONFIG_MPFS_SYSTEM_CONTROLLER) in the kernel configuration if not required for functionality.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23464 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy