PatchSiren cyber security CVE debrief
CVE-2026-23261 Linux CVE debrief
CVE-2026-23261 describes a Linux kernel NVMe/FC initialization bug that can leak admin queue/tagset resources if controller setup fails after `nvme_add_ctrl()` succeeds. The issue is in the failure path of `nvme_fc_init_ctrl()`: controller references are torn down, but the admin blk-mq allocation is not freed unless `ctrl->ctrl.admin_tagset` is explicitly checked and removed. The supplied description ties the problem to kmemleak findings during blktests `nvme/fc`.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-18
- Original CVE updated
- 2026-03-19
- Advisory published
- 2026-03-18
- Advisory updated
- 2026-03-19
Who should care
Linux kernel maintainers, distribution integrators, storage/platform teams running NVMe over Fibre Channel, and operators who validate kernel stability or memory/resource accounting on affected systems.
Technical summary
According to the CVE description, `nvme_fabrics` creates an NVMe/FC controller through `nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_create_ctrl() -> nvme_fc_init_ctrl()`. `nvme_fc_init_ctrl()` allocates admin blk-mq resources immediately after `nvme_add_ctrl()` succeeds. If later setup steps fail, execution reaches `fail_ctrl`, which cleans up controller references but does not free the admin tagset. The fix described is to check `ctrl->ctrl.admin_tagset` in `fail_ctrl` and call `nvme_remove_admin_tag_set()` so the admin queue allocations are reclaimed on abort.
Defensive priority
Medium
Recommended defensive actions
- Apply or backport the upstream Linux kernel fix referenced by the official stable.kernel.org commit links in the CVE record.
- Review NVMe/FC controller setup failure handling in your kernel build or backport stack to confirm admin tagset cleanup is present.
- If you validate storage kernels with blktests, include `nvme/fc` coverage to catch resource leaks in controller-abort paths.
- Monitor kernel logs and memory/resource diagnostics for leaked blk-mq allocations after failed NVMe/FC controller initialization.
- Treat the issue as a reliability and resource-management bug rather than an exploit-focused advisory, and prioritize it where NVMe/FC is deployed.
Evidence notes
The supplied CVE text states that `nvme_fc_init_ctrl()` allocates admin blk-mq resources after `nvme_add_ctrl()` succeeds and that later failures can leave `ctrl->ctrl.admin_tagset` uncleared in `fail_ctrl`, producing leaked allocations observed by kmemleak during blktests `nvme/fc`. The source record also lists four official `git.kernel.org` stable commit URLs as references. No CVSS score/vector was provided in the supplied data, and NVD marks the item as undergoing analysis.
Official resources
-
CVE-2026-23261 CVE record
CVE.org
-
CVE-2026-23261 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published: 2026-03-18T18:16:24.623Z. Modified: 2026-03-19T17:16:22.743Z. The supplied source item says NVD vulnerability status is 'Undergoing Analysis.' Timing in this debrief follows the CVE published/modified dates provided in the corpus