CVE-2026-23256

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Compile tested only. Issue found using code review.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/01fbca1e93ec3f39f76c31a8f9afa32ce00da48a	Patch
https://git.kernel.org/stable/c/3bf519e39b51cb08a93c0599870b35a23db1031e	Patch
https://git.kernel.org/stable/c/4640fa5ad5e1a0dbd1c2d22323b7d70a8107dcfd	Patch
https://git.kernel.org/stable/c/52b19b3a22306fe452ec9e8ff96063f4bfb77b99	Patch
https://git.kernel.org/stable/c/6cbba46934aefdfb5d171e0a95aec06c24f7ca30	Patch
https://git.kernel.org/stable/c/71a56b89203ec7e5670d94a61a9b4ae617eca804	Patch
https://git.kernel.org/stable/c/bd680e56e316be92c01568be98d85d7a6c9bd92c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc7::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc8::::::

History

21 May 2026, 00:13

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-193
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: liquidio: Corrección de error de uno en la limpieza de VF setup_nic_devices() En setup_nic_devices(), el bucle de inicialización salta a la etiqueta setup_nic_dev_free en caso de fallo. El bucle de limpieza actual while(i--) omite el índice i que falla, causando una fuga de memoria. Esto se corrige cambiando el bucle para que itere desde el índice actual i hasta 0. Solo probado en compilación. Problema encontrado mediante revisión de código.
CPE		cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.19:rc7:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc8:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
References	~~() https://git.kernel.org/stable/c/01fbca1e93ec3f39f76c31a8f9afa32ce00da48a -~~	() https://git.kernel.org/stable/c/01fbca1e93ec3f39f76c31a8f9afa32ce00da48a - Patch
References	~~() https://git.kernel.org/stable/c/3bf519e39b51cb08a93c0599870b35a23db1031e -~~	() https://git.kernel.org/stable/c/3bf519e39b51cb08a93c0599870b35a23db1031e - Patch
References	~~() https://git.kernel.org/stable/c/4640fa5ad5e1a0dbd1c2d22323b7d70a8107dcfd -~~	() https://git.kernel.org/stable/c/4640fa5ad5e1a0dbd1c2d22323b7d70a8107dcfd - Patch
References	~~() https://git.kernel.org/stable/c/52b19b3a22306fe452ec9e8ff96063f4bfb77b99 -~~	() https://git.kernel.org/stable/c/52b19b3a22306fe452ec9e8ff96063f4bfb77b99 - Patch
References	~~() https://git.kernel.org/stable/c/6cbba46934aefdfb5d171e0a95aec06c24f7ca30 -~~	() https://git.kernel.org/stable/c/6cbba46934aefdfb5d171e0a95aec06c24f7ca30 - Patch
References	~~() https://git.kernel.org/stable/c/71a56b89203ec7e5670d94a61a9b4ae617eca804 -~~	() https://git.kernel.org/stable/c/71a56b89203ec7e5670d94a61a9b4ae617eca804 - Patch
References	~~() https://git.kernel.org/stable/c/bd680e56e316be92c01568be98d85d7a6c9bd92c -~~	() https://git.kernel.org/stable/c/bd680e56e316be92c01568be98d85d7a6c9bd92c - Patch

18 Mar 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-18 18:16

Updated : 2026-05-21 00:13

NVD link : CVE-2026-23256

Mitre link : CVE-2026-23256

CVE.ORG link : CVE-2026-23256

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-193

Off-by-one Error

5.5 /10