CVE-2026-23464Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime6 documents6 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 93.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak. Fix this by jumping to the out_free label to ensure the memory is properly freed. Also, consolidate the error handling for the mbox_request_channel() failure case to use the

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux742aa6c563d29c367edbf0ef7236a7a853ed9be4da4b44c42f40501db35f5d0a6243708a061490a0+4
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
OSV
CVE-2026-23464: In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_c2026-04-03
GHSA
GHSA-45hw-xggf-p88g: In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()2026-04-03
Debian
CVE-2026-23464: linux - In the Linux kernel, the following vulnerability has been resolved: soc: microc...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23464 Impact, Exploitability, and Mitigation Steps | Wiz