EUVD-2026-12887

| CVE-2026-23256
2026-03-18 Linux

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12887
CVE Published
Mar 18, 2026 - 17:41 nvd
N/A

Tags

Linux Memory Corruption Debian Linux Kernel

Description

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Compile tested only. Issue found using code review.

Analysis

This vulnerability is an off-by-one error in the Linux kernel's liquidio driver that causes a memory leak during virtual function (VF) setup failure cleanup. The vulnerability affects the Linux kernel across all versions where the liquidio net driver is compiled, as identified through the affected CPE (cpe:2.3:a:linux:linux). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Vendor Status

Debian

linux
Release Status Fixed Version Urgency
bullseye fixed 5.10.251-1 -
bullseye (security) fixed 5.10.251-1 -
bookworm fixed 6.1.164-1 -
bookworm (security) fixed 6.1.164-1 -
trixie fixed 6.12.73-1 -
trixie (security) fixed 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.10-1 -

Share

EUVD-2026-12887 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy