CVE-2026-23038: Missing Release of Resource after Effective Lifetime in Linux

Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 94.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 31
Latest update: Apr 17

Description

In the Linux kernel, the following vulnerability has been resolved:

pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()

In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak.

Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources.
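The error path described above, reproduced as an added userspace example that is not the kernel source or the upstream patch. Only the names dsaddrs, ds_versions, out_scratch and out_err_drain_dsaddrs come from the description; model_alloc, model_free, alloc_deviceid_model, leaked_after_failure, struct ds_addr, the scratch buffer and all sizes are hypothetical. It counts the blocks still allocated when the ds_versions allocation fails after three dsaddrs entries have been built.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the error path (assumption: not the kernel source). */
static int live_allocs, alloc_calls, fail_at; /* fail_at-th allocation fails */
struct ds_addr { struct ds_addr *next; };     /* stand-in for a dsaddrs entry */

static void *model_alloc(size_t n) {
    void *p = (++alloc_calls == fail_at) ? NULL : malloc(n);
    if (p) live_allocs++;
    return p;
}
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

/* fixed == 0 models the pre-fix jump, fixed == 1 the patched jump. */
static int alloc_deviceid_model(int fixed, int n_addrs) {
    struct ds_addr *dsaddrs = NULL, *da;
    void *scratch, *ds_versions;
    int ret = -1, i;
    if (!(scratch = model_alloc(64)))
        goto out;
    for (i = 0; i < n_addrs; i++) {
        if (!(da = model_alloc(sizeof(*da))))
            goto out_err_drain_dsaddrs;
        da->next = dsaddrs;
        dsaddrs = da;
    }
    if (!(ds_versions = model_alloc(32))) {
        if (fixed) goto out_err_drain_dsaddrs;
        goto out_scratch;            /* pre-fix: skips the dsaddrs drain */
    }
    ret = 0;
    model_free(ds_versions);         /* model only: no caller takes ownership */
out_err_drain_dsaddrs:
    while ((da = dsaddrs)) { dsaddrs = da->next; model_free(da); }
out_scratch:
    model_free(scratch);
out:
    return ret;
}

/* Blocks still allocated after ds_versions fails behind three dsaddrs. */
static int leaked_after_failure(int fixed) {
    live_allocs = alloc_calls = 0;
    fail_at = 5;                     /* scratch + 3 dsaddrs, then ds_versions */
    alloc_deviceid_model(fixed, 3);
    return live_allocs;
}
int main(void) { printf("pre-fix leaked: %d\n", leaked_after_failure(0)); return 0; }
```

Each failed call on the pre-fix path leaves the whole list behind, so the leaked amount grows with the number of dsaddrs entries built before the failure.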

Affected Packages: 12 packages

Linux | linux/linux_kernel | 4.0.0 | 5.10.249 | +5
Debian | linux/linux_kernel | < 5.10.249-1 | +3
CVEListV5 | linux/linux | d67ae825a59d639e4d8b82413af84d854617a87e | e2dde5dafb80f1af4028ed10ad255f42af71c784 | +7
debian | debian/linux | < linux 6.1.162-1 (bookworm)
debian | debian/linux-6.1 | < linux 6.1.162-1 (bookworm)

🔴 Vulnerability Details

3
GHSA
GHSA-96c4-w7rm-2mx2: In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_allo (2026-01-31)
OSV
CVE-2026-23038: In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_ (2026-01-31)
OSV
pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (2026-01-31)

📋 Vendor Advisories

8
Ubuntu
Linux kernel (HWE) vulnerabilities (2026-04-17)
Ubuntu
Linux kernel (NVIDIA) vulnerabilities (2026-04-17)
Ubuntu
Linux kernel (FIPS) vulnerabilities (2026-04-17)
Ubuntu
Linux kernel (Real-time) vulnerabilities (2026-04-17)
Ubuntu
Linux kernel vulnerabilities (2026-04-16)

🕵️ Threat Intelligence

1
Wiz
CVE-2026-23038 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23038 — Linux vulnerability | cvebase