CVE-2026-23256Off-by-one Error in Linux

CWE-193Off-by-one Error8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Compile tested only. Issue found using code review.

Affected Packages3 packages

Linuxlinux/linux_kernel4.10.05.10.250+5
Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linux846b46873eeb3baf40f7e6d8fe8f98aec95e7727bd680e56e316be92c01568be98d85d7a6c9bd92c+7

🔴Vulnerability Details

4
OSV
net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup2026-03-18
OSV
CVE-2026-23256: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic2026-03-18
CVEList
net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup2026-03-18
GHSA
GHSA-wwv9-pvmj-9mc8: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_n2026-03-18

📋Vendor Advisories

2
Red Hat
kernel: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup2026-03-18
Debian
CVE-2026-23256: linux - In the Linux kernel, the following vulnerability has been resolved: net: liquid...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23256 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23256 — Off-by-one Error in Linux | cvebase