CVE-2026-23258Access of Uninitialized Pointer in Linux

CWE-824Access of Uninitialized Pointer8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq(). However, the pointer to this structure is stored in oct->props[i].netdev only after the calls to netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues(). If either of these functions fails, setup_nic_devices() returns an error without freeing the allocated netdev. Since oct->props[i]

Affected Packages3 packages

Linuxlinux/linux_kernel4.18.05.10.250+5
Debianlinux/linux_kernel< 5.10.251-1+3
CVEListV5linux/linuxc33c997346c34ea7b89aec99524ad9632a2f1e0cbe109646cdaecab262f6276303b1763468c94378+7

🔴Vulnerability Details

4
CVEList
net: liquidio: Initialize netdev pointer before queue setup2026-03-18
GHSA
GHSA-qv92-hwc3-chxf: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices2026-03-18
OSV
net: liquidio: Initialize netdev pointer before queue setup2026-03-18
OSV
CVE-2026-23258: In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices()2026-03-18

📋Vendor Advisories

2
Red Hat
kernel: net: liquidio: Initialize netdev pointer before queue setup2026-03-18
Debian
CVE-2026-23258: linux - In the Linux kernel, the following vulnerability has been resolved: net: liquid...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23258 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23258 — Access of Uninitialized Pointer | cvebase