5.5

CVE-2026-23160

octeon_ep: Fix memory leak in octep_device_setup()

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: Fix memory leak in octep_device_setup()

In octep_device_setup(), if octep_ctrl_net_init() fails, the function
returns directly without unmapping the mapped resources and freeing the
allocated configuration memory.

Fix this by jumping to the unsupported_dev label, which performs the
necessary cleanup. This aligns with the error handling logic of other
paths in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.4 < 6.6.123
LinuxLinux Kernel Version >= 6.7 < 6.12.69
LinuxLinux Kernel Version >= 6.13 < 6.18.9
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
LinuxLinux Kernel Version6.19 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.018
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f
Patch
https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b
Patch
https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551
Patch
https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694
Patch