CVE-2026-23164

{"id": "CVE-2026-23164", "cveTags": [], "metrics": {}, "published": "2026-02-14T16:15:56.590", "references": [{"url": "https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrocker: fix memory leak in rocker_world_port_post_fini()\n\nIn rocker_world_port_pre_init(), rocker_port->wpriv is allocated with\nkzalloc(wops->port_priv_size, GFP_KERNEL). However, in\nrocker_world_port_post_fini(), the memory is only freed when\nwops->port_post_fini callback is set:\n\n if (!wops->port_post_fini)\n return;\n wops->port_post_fini(rocker_port);\n kfree(rocker_port->wpriv);\n\nSince rocker_ofdpa_ops does not implement port_post_fini callback\n(it is NULL), the wpriv memory allocated for each port is never freed\nwhen ports are removed. This leads to a memory leak of\nsizeof(struct ofdpa_port) bytes per port on every device removal.\n\nFix this by always calling kfree(rocker_port->wpriv) regardless of\nwhether the port_post_fini callback exists."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nrocker: corregir fuga de memoria en rocker_world_port_post_fini()\n\nEn rocker_world_port_pre_init(), rocker_port->wpriv se asigna con kzalloc(wops->port_priv_size, GFP_KERNEL). Sin embargo, en rocker_world_port_post_fini(), la memoria solo se libera cuando la devoluci\u00f3n de llamada wops->port_post_fini est\u00e1 establecida:\n\n si (!wops->port_post_fini)\n retornar;\n wops->port_post_fini(rocker_port);\n kfree(rocker_port->wpriv);\n\nDado que rocker_ofdpa_ops no implementa la devoluci\u00f3n de llamada port_post_fini (es NULL), la memoria wpriv asignada para cada puerto nunca se libera cuando se eliminan los puertos. Esto conduce a una fuga de memoria de sizeof(struct ofdpa_port) bytes por puerto en cada eliminaci\u00f3n de dispositivo.\n\nSolucione esto llamando siempre a kfree(rocker_port->wpriv) independientemente de si existe la devoluci\u00f3n de llamada port_post_fini."}], "lastModified": "2026-02-18T17:52:44.520", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}