Vulnerability-Lookup

CVE-2026-23257 (GCVE-0-2026-23257)

Vulnerability from cvelistv5 – Published: 2026-03-18 17:41 – Updated: 2026-03-18 17:41

Title

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/af38d9a5cb49fe9d0…
	https://git.kernel.org/stable/c/d86c58eb005eb99da…
	https://git.kernel.org/stable/c/f1216b80c9040a904…
	https://git.kernel.org/stable/c/a0d2389c8cdc1f05d…
	https://git.kernel.org/stable/c/f86bd16280a0f88b5…
	https://git.kernel.org/stable/c/293eaad0d6d6b2a37…
	https://git.kernel.org/stable/c/8558aef4e8a1a8304…

Impacted products

Vendor

Product

Version

Linux

Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < d86c58eb005eb99da402452f3db7a6e0eae32815 (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < f1216b80c9040a904d2ad7c8cd24ca0ff1f36932 (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < a0d2389c8cdc1f05de5eb8663bffe9ed05dca769 (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < f86bd16280a0f88b538394e0565c56ce4756da99 (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < 293eaad0d6d6b2a37a458c7deb7be345349cd963 (git)
Affected: f21fb3ed364bb83533c5efe19354e337ea9ecda9 , < 8558aef4e8a1a83049ab906d21d391093cfa7e7f (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.10.250 , ≤ 5.10.* (semver)
Unaffected: 5.15.200 , ≤ 5.15.* (semver)
Unaffected: 6.1.163 , ≤ 6.1.* (semver)
Unaffected: 6.6.124 , ≤ 6.6.* (semver)
Unaffected: 6.12.70 , ≤ 6.12.* (semver)
Unaffected: 6.18.10 , ≤ 6.18.* (semver)
Unaffected: 6.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/cavium/liquidio/lio_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "d86c58eb005eb99da402452f3db7a6e0eae32815",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "f1216b80c9040a904d2ad7c8cd24ca0ff1f36932",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "a0d2389c8cdc1f05de5eb8663bffe9ed05dca769",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "f86bd16280a0f88b538394e0565c56ce4756da99",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "293eaad0d6d6b2a37a458c7deb7be345349cd963",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            },
            {
              "lessThan": "8558aef4e8a1a83049ab906d21d391093cfa7e7f",
              "status": "affected",
              "version": "f21fb3ed364bb83533c5efe19354e337ea9ecda9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/cavium/liquidio/lio_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.250",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.200",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.250",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.200",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.163",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.124",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.70",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.10",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nAlso, decrement i in the devlink_alloc failure path to point to the\nlast successfully allocated index.\n\nCompile tested only. Issue found using code review."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T17:41:04.078Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769"
        },
        {
          "url": "https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99"
        },
        {
          "url": "https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963"
        },
        {
          "url": "https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f"
        }
      ],
      "title": "net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23257",
    "datePublished": "2026-03-18T17:41:04.078Z",
    "dateReserved": "2026-01-13T15:37:45.990Z",
    "dateUpdated": "2026-03-18T17:41:04.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23257\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-18T18:16:23.997\",\"lastModified\":\"2026-03-19T13:25:00.570\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\\n\\nIn setup_nic_devices(), the initialization loop jumps to the label\\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\\nskip the failing index i, causing a memory leak.\\n\\nFix this by changing the loop to iterate from the current index i\\ndown to 0.\\n\\nAlso, decrement i in the devlink_alloc failure path to point to the\\nlast successfully allocated index.\\n\\nCompile tested only. Issue found using code review.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2026-23257

Vulnerability from fkie_nvd - Published: 2026-03-18 18:16 - Updated: 2026-03-19 13:25

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nAlso, decrement i in the devlink_alloc failure path to point to the\nlast successfully allocated index.\n\nCompile tested only. Issue found using code review."
    }
  ],
  "id": "CVE-2026-23257",
  "lastModified": "2026-03-19T13:25:00.570",
  "metrics": {},
  "published": "2026-03-18T18:16:23.997",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

WID-SEC-W-2026-0790

Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-03-26 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einem Denial-of-Service-Zustand, einer Rechteausweitung oder einer Speicherbeschädigung führen können.

Betroffene Betriebssysteme: - Linux

CVE-2025-71268

CVE-2025-71269

CVE-2025-71270

CVE-2026-23249

CVE-2026-23250

CVE-2026-23251

CVE-2026-23252

CVE-2026-23253

CVE-2026-23254

CVE-2026-23255

CVE-2026-23256

CVE-2026-23257

CVE-2026-23258

CVE-2026-23259

CVE-2026-23260

CVE-2026-23261

CVE-2026-23262

CVE-2026-23263

CVE-2026-23264

CVE-2026-23265

CVE-2026-23266

CVE-2026-23267

CVE-2026-23268

CVE-2026-23269

CVE-2026-23270

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://lore.kernel.org/linux-cve-announce/	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://kb.igel.com/en/security-safety/current/is…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einem Denial-of-Service-Zustand, einer Rechteausweitung oder einer Speicherbesch\u00e4digung f\u00fchren k\u00f6nnen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0790 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0790.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0790 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0790"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71268",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031814-CVE-2025-71268-057a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71269",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71269-b47d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71270",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71270-19ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23249",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031843-CVE-2026-23249-c309@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23250",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23250-271e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23251",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23251-259a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23252",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23252-6bef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23253",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23253-b1c6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23254",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23254-6387@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23255",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23255-fc51@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23256",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23256-b93b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23257",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23257-bd18@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23258",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23258-d181@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23259",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23259-5bd7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23260",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23260-6464@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23261",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23261-f757@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23262",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23262-a421@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23263",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23263-5c88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23264",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23264-fe5b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23265",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23265-6d01@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23266",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23266-b57b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23267",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031811-CVE-2026-23267-ff55@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23268",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23269",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23270",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031847-CVE-2026-23270-cb9a@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0961-1 vom 2026-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024805.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0962-1 vom 2026-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024803.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0984-1 vom 2026-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024841.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1003-1 vom 2026-03-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024925.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1041-1 vom 2026-03-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024928.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1078-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024954.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1077-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024956.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1081-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-07 vom 2026-03-26",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-07-apparmor-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-26T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-27T09:01:23.025+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0790",
      "initial_release_date": "2026-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und IGEL aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T051923",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-71268",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71268"
    },
    {
      "cve": "CVE-2025-71269",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71269"
    },
    {
      "cve": "CVE-2025-71270",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71270"
    },
    {
      "cve": "CVE-2026-23249",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23249"
    },
    {
      "cve": "CVE-2026-23250",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23250"
    },
    {
      "cve": "CVE-2026-23251",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23251"
    },
    {
      "cve": "CVE-2026-23252",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23252"
    },
    {
      "cve": "CVE-2026-23253",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23253"
    },
    {
      "cve": "CVE-2026-23254",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23254"
    },
    {
      "cve": "CVE-2026-23255",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23255"
    },
    {
      "cve": "CVE-2026-23256",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23256"
    },
    {
      "cve": "CVE-2026-23257",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23257"
    },
    {
      "cve": "CVE-2026-23258",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23258"
    },
    {
      "cve": "CVE-2026-23259",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23259"
    },
    {
      "cve": "CVE-2026-23260",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23260"
    },
    {
      "cve": "CVE-2026-23261",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23261"
    },
    {
      "cve": "CVE-2026-23262",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23262"
    },
    {
      "cve": "CVE-2026-23263",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23263"
    },
    {
      "cve": "CVE-2026-23264",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23264"
    },
    {
      "cve": "CVE-2026-23265",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23265"
    },
    {
      "cve": "CVE-2026-23266",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23266"
    },
    {
      "cve": "CVE-2026-23267",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23267"
    },
    {
      "cve": "CVE-2026-23268",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23268"
    },
    {
      "cve": "CVE-2026-23269",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23269"
    },
    {
      "cve": "CVE-2026-23270",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23270"
    }
  ]
}

GHSA-P66J-QJ5C-Q58G

Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-03-18 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i down to 0.

Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index.

Compile tested only. Issue found using code review.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-23257"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-18T18:16:23Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup\n\nIn setup_nic_devices(), the initialization loop jumps to the label\nsetup_nic_dev_free on failure. The current cleanup loop while(i--)\nskip the failing index i, causing a memory leak.\n\nFix this by changing the loop to iterate from the current index i\ndown to 0.\n\nAlso, decrement i in the devlink_alloc failure path to point to the\nlast successfully allocated index.\n\nCompile tested only. Issue found using code review.",
  "id": "GHSA-p66j-qj5c-q58g",
  "modified": "2026-03-18T18:31:18Z",
  "published": "2026-03-18T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23257"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-23257 (GCVE-0-2026-23257)

FKIE_CVE-2026-23257

WID-SEC-W-2026-0790

GHSA-P66J-QJ5C-Q58G

Tags

Sightings

Nomenclature