CVE-2026-23046Operation on a Resource after Expiration or Release in Linux

CWE-672Operation on a Resource after Expiration or Release7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees using net_device->device. This device mismatch causing below devres warning [ 3788.514041] ------------[ cut here ]------------ [ 3788.514044] WARNING: drivers/base/devres.c:1095 at devm_kfree+0x84/0x98, CPU#16: vdpa/1463 [ 3788.514054] Modules linked in: octep_vdpa virtio_net virtio

Affected Packages4 packages

Linuxlinux/linux_kernel6.15.06.18.6
Debianlinux/linux_kernel< 6.18.8-1
CVEListV5linux/linux4944be2f5ad8c74b93e4e272f3a0f1a136bbc438a5e2d902f64c76169c771f584559c82b588090e3+2
debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-ppvw-hxrc-mgfc: In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr alloc2026-02-04
OSV
CVE-2026-23046: In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocat2026-02-04
OSV
virtio_net: fix device mismatch in devm_kzalloc/devm_kfree2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree2026-02-04
Debian
CVE-2026-23046: linux - In the Linux kernel, the following vulnerability has been resolved: virtio_net:...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23046 Impact, Exploitability, and Mitigation Steps | Wiz