CVE-2026-23257Off-by-one Error in Linux

CWE-193Off-by-one Error8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated in

Affected Packages3 packages

Linuxlinux/linux_kernel4.2.05.10.250+5
Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linuxf21fb3ed364bb83533c5efe19354e337ea9ecda9af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d+7

🔴Vulnerability Details

4
OSV
CVE-2026-23257: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic2026-03-18
GHSA
GHSA-p66j-qj5c-q58g: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_n2026-03-18
OSV
net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup2026-03-18
CVEList
net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup2026-03-18

📋Vendor Advisories

2
Red Hat
kernel: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup2026-03-18
Debian
CVE-2026-23257: linux - In the Linux kernel, the following vulnerability has been resolved: net: liquid...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23257 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23257 — Off-by-one Error in Linux | cvebase