CVE-2026-23013 — Use After Free in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 95.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 25
Description
In the Linux kernel, the following vulnerability has been resolved:
net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback
octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to
ioq_vector. If request_irq() fails part-way, the rollback loop calls
free_irq() with dev_id set to 'oct', which does not match the original
dev_id and may leave the irqaction registered.
This can keep IRQ handlers alive while ioq_vector is later freed during
unwind/teardown, leading to a use-aft…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
▶CVEListV5linux/linux1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1 — aa05a8371ae4a452df623f7202c72409d3c50e40+3
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-r5qx-544g-4q99: In the Linux kernel, the following vulnerability has been resolved:
net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback
octep_vf_request↗2026-01-25
OSV▶
CVE-2026-23013: In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_i↗2026-01-25