CVE-2026-23261Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_create_ctrl() -> nvme_fc_init_ctrl() nvme_fc_init_ctrl() allocates the admin blk-mq resources right after nvme_add_ctrl() succeeds. If any of the subsequent steps fail (changing the controller state, scheduling connect work, etc.), we jump to the fail_ctrl path, which tea

Affected Packages3 packages

Linuxlinux/linux_kernel6.7.06.12.70+2
Debianlinux/linux_kernel< 6.12.73-1+1
CVEListV5linux/linux5fe335a80548e2eda5d51fab801108b323600e957c54d3f5ebbc5982daaa004260242dc07ac943ea+5

🔴Vulnerability Details

4
OSV
CVE-2026-23261: In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC contro2026-03-18
CVEList
nvme-fc: release admin tagset if init fails2026-03-18
GHSA
GHSA-j54v-pxgx-56hg: In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC cont2026-03-18
OSV
nvme-fc: release admin tagset if init fails2026-03-18

📋Vendor Advisories

2
Red Hat
kernel: nvme-fc: release admin tagset if init fails2026-03-18
Debian
CVE-2026-23261: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-fc: re...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23261 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23261 — Linux vulnerability | cvebase