Detections
Analytics

CVE-2026-23164

medium

Description

In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rocker_world_port_post_fini() In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with kzalloc(wops->port_priv_size, GFP_KERNEL). However, in rocker_world_port_post_fini(), the memory is only freed when wops->port_post_fini callback is set: if (!wops->port_post_fini) return; wops->port_post_fini(rocker_port); kfree(rocker_port->wpriv); Since rocker_ofdpa_ops does not implement port_post_fini callback (it is NULL), the wpriv memory allocated for each port is never freed when ports are removed. This leads to a memory leak of sizeof(struct ofdpa_port) bytes per port on every device removal. Fix this by always calling kfree(rocker_port->wpriv) regardless of whether the port_post_fini callback exists.

References

https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a

https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1

https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566

https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7

https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0

https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887

https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3

Details

Source: Mitre, NVD

Published: 2026-02-14

Updated: 2026-02-14

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium