PatchSiren cyber security CVE debrief
CVE-2026-23258 Linux CVE debrief
A memory leak vulnerability exists in the Linux kernel's LiquidIO network driver. In setup_nic_devices(), a netdev structure is allocated via alloc_etherdev_mq(), but the pointer is stored in oct->props[i].netdev only after calls to netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues(). If either queue setup function fails, the error return path does not free the allocated netdev because oct->props[i].netdev remains NULL, causing liquidio_destroy_nic_device() to fail to locate and release the memory. The fix initializes oct->props[i].netdev before the queue setup functions, ensuring proper cleanup on failure. The issue was identified through a prototype static analysis tool and code review, with compile testing only performed for the fix.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-18
- Original CVE updated: 2026-05-29
- Advisory published: 2026-03-18
- Advisory updated: 2026-05-29
Who should care
Linux system administrators running kernels with the LiquidIO driver enabled, particularly those using Cavium/Marvell LiquidIO intelligent server adapters. Organizations with long-running systems where memory leaks could accumulate to cause denial of service conditions.
Technical summary
The vulnerability is a memory leak (CWE-401) in the LiquidIO network driver within the Linux kernel. The root cause is improper initialization ordering: in setup_nic_devices(), alloc_etherdev_mq() allocates a netdev structure, but the pointer is assigned to oct->props[i].netdev only after the netif_set_real_num_rx_queues() and netif_set_real_num_tx_queues() calls. If either function fails, the error return path cannot free the netdev because the cleanup function liquidio_destroy_nic_device() relies on oct->props[i].netdev being non-NULL to locate the structure. The fix reorders initialization so oct->props[i].netdev is set before queue setup, enabling proper cleanup. The issue requires local access with low privileges and can lead to denial of service through memory exhaustion.
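The ordering problem can be reproduced in a small userspace model. This is an added example, not the driver's source or the upstream patch; every model_* name, the nic_slot struct and the 64-byte allocation are hypothetical stand-ins for the kernel functions and structures named above.

```c
/* Userspace model of the ordering bug described above; not the driver source.
 * Every model_* name is a hypothetical stand-in for the kernel function named. */
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;                 /* outstanding "netdev" allocations */
struct nic_slot { void *netdev; };      /* stands in for oct->props[i] */

static void *model_alloc_netdev(void)   /* alloc_etherdev_mq() stand-in */
{
    void *p = malloc(64);
    if (p) live_allocs++;
    return p;
}
/* netif_set_real_num_{rx,tx}_queues() stand-in: fails when asked to. */
static int model_set_queues(int fail) { return fail ? -1 : 0; }

/* liquidio_destroy_nic_device() stand-in: frees only what the slot records. */
static void model_destroy(struct nic_slot *s)
{
    if (!s->netdev) return;             /* pointer never stored: nothing freed */
    free(s->netdev);
    s->netdev = NULL;
    live_allocs--;
}

/* store_early = 0 models the pre-fix order, 1 the post-fix order.
 * Returns how many allocations are still live once cleanup has run. */
static int setup_and_count_leaks(int store_early, int fail_queues)
{
    struct nic_slot slot = { NULL };
    void *netdev;

    live_allocs = 0;
    netdev = model_alloc_netdev();
    if (!netdev) return -1;
    if (store_early) slot.netdev = netdev;      /* fixed ordering */
    if (model_set_queues(fail_queues) == 0)
        slot.netdev = netdev;                   /* pre-fix store happens here */
    model_destroy(&slot);                       /* error path or normal teardown */
    return live_allocs;
}

int main(void)
{
    printf("pre-fix,  queue setup fails: %d leaked\n", setup_and_count_leaks(0, 1));
    printf("post-fix, queue setup fails: %d leaked\n", setup_and_count_leaks(1, 1));
    return 0;
}
```

With the pre-fix order the cleanup routine sees a NULL slot and returns without freeing, so one allocation stays live per failed setup; with the pointer stored first, the same failure leaves nothing behind.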
Defensive priority
medium
Recommended defensive actions
- Apply the appropriate stable kernel patch for your Linux kernel version to ensure the netdev pointer is initialized before queue setup functions are called
- Upgrade to a patched kernel version: 5.10.250 or later for 5.10.x series, 5.15.200 or later for 5.15.x series, 6.1.163 or later for 6.1.x series, 6.6.124 or later for 6.6.x series, 6.12.70 or later for 6.12.x series, or
Evidence notes
The vulnerability description and patch references are sourced from the official NVD record. The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H indicates local attack vector with low attack complexity, low privileges required, no user interaction, and high availability impact. The weakness is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). Multiple stable kernel patches are available across affected versions.
Official resources
- CVE-2026-23258 CVE record (CVE.org)
- CVE-2026-23258 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch)