PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23260 Linux CVE debrief

A memory leak vulnerability in the Linux kernel's regmap maple cache implementation allows uncontrolled memory consumption when mas_store_gfp() fails. The flaw exists in regcache_maple_write(), which allocates a new block ('entry') to merge adjacent ranges but fails to free it when mas_store_gfp() returns an error. On the success path, the function correctly frees replaced neighbor blocks ('lower', 'upper'), but the failure path omits freeing the newly allocated 'entry', causing the block to remain allocated indefinitely. This is classified as CWE-401 (Missing Release of Memory after Effective Lifetime). The vulnerability requires local access with low privileges and no user interaction, with availability impact rated high per CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Affected versions span Linux kernel 6.4 through 6.6.124, 6.7 through 6.12.70, 6.13 through 6.18.10, and 6.19-rc1 through 6.19-rc6. The issue was resolved by adding a kfree(entry) call on the mas_store_gfp() failure path before returning the error.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-18
Original CVE updated
2026-05-29
Advisory published
2026-03-18
Advisory updated
2026-05-29

Who should care

Linux system administrators, kernel maintainers, and security teams managing systems running affected kernel versions where local users may trigger repeated regmap cache operations to exhaust kernel memory

Technical summary

The regcache_maple_write() function in the Linux kernel's regmap subsystem allocates a new cache entry block intended to merge adjacent ranges, then attempts to store it using mas_store_gfp(). If mas_store_gfp() fails, the function returns the error code without freeing the newly allocated 'entry' block, resulting in a memory leak. The fix adds kfree(entry) on the failure path before returning, ensuring proper cleanup. The success path already correctly frees replaced neighbor blocks ('lower', 'upper').

Defensive priority

medium

Recommended defensive actions

  • Apply the appropriate stable kernel patch for your version stream: 6.6.x, 6.12.x, 6.18.x, or mainline
  • Upgrade to a fixed kernel version: 6.6.124 or later, 6.12.70 or later, 6.18.10 or later, or 6.19-rc7 or later
  • Monitor systems for abnormal memory growth in kernel space that may indicate exploitation of this leak
  • If patching is not immediately feasible, consider restricting untrusted local access to systems running affected kernel versions

Evidence notes

CVE description confirms memory leak in regcache_maple_write() when mas_store_gfp() fails. NVD CPE criteria specify affected kernel version ranges. CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H supports local attack vector with availability impact. CWE-401 assigned by NVD. Four stable kernel patches provided via git.kernel.org.

Official resources

2026-03-18