CVE-2026-22994 — Missing Release of Resource after Effective Lifetime in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 95.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 23
Description
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix reference count leak in bpf_prog_test_run_xdp()
syzbot is reporting
unregister_netdevice: waiting for sit0 to become free. Usage count = 2
problem. A debug printk() patch found that a refcount is obtained at
xdp_convert_md_to_buff() from bpf_prog_test_run_xdp().
According to commit ec94670fcb3b ("bpf: Support specifying ingress via
xdp_md context in BPF_PROG_TEST_RUN"), the refcount obtained by
xdp_convert_md_to_bu…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linux1c194998252469cad00a08bd9ef0b99fd255c260 — 368569bc546d3368ee9980ba79fc42fdff9a3365+5
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-8r55-jh7v-855p: In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix reference count leak in bpf_prog_test_run_xdp()
syzbot is reporting
un↗2026-01-23
OSV▶
CVE-2026-22994: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reference count leak in bpf_prog_test_run_xdp() syzbot is reporting unreg↗2026-01-23