CVE-2026-23160
Severity
5.5MEDIUM
EPSS
0.0%
top 97.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Fix memory leak in octep_device_setup()
In octep_device_setup(), if octep_ctrl_net_init() fails, the function
returns directly without unmapping the mapped resources and freeing the
allocated configuration memory.
Fix this by jumping to the unsupported_dev label, which performs the
necessary cleanup. This aligns with the error handling logic of other
paths in this function.
Compile tested only. Issue found using a…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux577f0d1b1c5f3282fa2011177b0af692a7c21aee — 5058d3f8f17202e673f90af1446252322bd0850f+4
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.6.122/6.12.68/6.18.8 octeon_ep octep_device_setup memory leak (Nessus ID 299222 / WID-SEC-2026-0421)↗2026-04-13
GHSA▶
GHSA-7g88-w646-8r4r: In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Fix memory leak in octep_device_setup()
In octep_device_setup(), if o↗2026-02-14
OSV▶
CVE-2026-23160: In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix memory leak in octep_device_setup() In octep_device_setup(), if oct↗2026-02-14