CVE-2026-23164
Severity
5.5MEDIUM
EPSS
0.0%
top 96.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in
rocker_world_port_post_fini(), the memory is only freed when
wops->port_post_fini callback is set:
if (!wops->port_post_fini)
return;
wops->port_post_fini(rocker_port);
kfree(rocker_port->wpriv);
Since rocker_ofdpa_ops does not implement port_pos…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linuxe420114eef4a3a5025a243b89b0dc343101e3d3c — 2a3a64d75d2d0727da285749476761ebcad557a3+7
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.18.8 rocker_world_port_post_fini memory leak (Nessus ID 299225 / WID-SEC-2026-0421)↗2026-04-13
OSV▶
CVE-2026-23164: In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rocker_world_port_post_fini() In rocker_world_port_pre_↗2026-02-14
GHSA▶
GHSA-4chx-f5rg-w5pp: In the Linux kernel, the following vulnerability has been resolved:
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pr↗2026-02-14