Vulnerability-Lookup

CVE-2026-23260 (GCVE-0-2026-23260)

Vulnerability from cvelistv5 – Published: 2026-03-18 17:41 – Updated: 2026-03-19 16:01

Title

regmap: maple: free entry on mas_store_gfp() failure

Summary

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on mas_store_gfp() failure regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory. Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d61171cf097156030…
	https://git.kernel.org/stable/c/811b45e2d795d955b…
	https://git.kernel.org/stable/c/f08f2d2907675926a…
	https://git.kernel.org/stable/c/f3f380ce6b3d5c980…

Impacted products

Vendor

Product

Version

Linux

Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < d61171cf097156030142643942c217759a9cc806 (git)
Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < 811b45e2d795d955bb7fd9c816b40036f4fde350 (git)
Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < f08f2d2907675926ac5657b25f86d921f269602a (git)
Affected: f033c26de5a5734625d2dd1dc196745fae186f1b , < f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.124 , ≤ 6.6.* (semver)
Unaffected: 6.12.70 , ≤ 6.12.* (semver)
Unaffected: 6.18.10 , ≤ 6.18.* (semver)
Unaffected: 6.19 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d61171cf097156030142643942c217759a9cc806",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "811b45e2d795d955bb7fd9c816b40036f4fde350",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "f08f2d2907675926ac5657b25f86d921f269602a",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            },
            {
              "lessThan": "f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8",
              "status": "affected",
              "version": "f033c26de5a5734625d2dd1dc196745fae186f1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/base/regmap/regcache-maple.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.70",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.19",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.124",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.70",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block (\u0027entry\u0027) to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new \u0027entry\u0027 remains allocated and\nis never freed, leaking memory.\n\nFree \u0027entry\u0027 on the failure path; on success continue freeing the\nreplaced neighbor blocks (\u0027lower\u0027, \u0027upper\u0027)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T16:01:05.479Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"
        },
        {
          "url": "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"
        },
        {
          "url": "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"
        }
      ],
      "title": "regmap: maple: free entry on mas_store_gfp() failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23260",
    "datePublished": "2026-03-18T17:41:06.738Z",
    "dateReserved": "2026-01-13T15:37:45.990Z",
    "dateUpdated": "2026-03-19T16:01:05.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23260\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-18T18:16:24.477\",\"lastModified\":\"2026-03-19T13:25:00.570\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nregmap: maple: free entry on mas_store_gfp() failure\\n\\nregcache_maple_write() allocates a new block (\u0027entry\u0027) to merge\\nadjacent ranges and then stores it with mas_store_gfp().\\nWhen mas_store_gfp() fails, the new \u0027entry\u0027 remains allocated and\\nis never freed, leaking memory.\\n\\nFree \u0027entry\u0027 on the failure path; on success continue freeing the\\nreplaced neighbor blocks (\u0027lower\u0027, \u0027upper\u0027).\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

FKIE_CVE-2026-23260

Vulnerability from fkie_nvd - Published: 2026-03-18 18:16 - Updated: 2026-03-19 13:25

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block (\u0027entry\u0027) to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new \u0027entry\u0027 remains allocated and\nis never freed, leaking memory.\n\nFree \u0027entry\u0027 on the failure path; on success continue freeing the\nreplaced neighbor blocks (\u0027lower\u0027, \u0027upper\u0027)."
    }
  ],
  "id": "CVE-2026-23260",
  "lastModified": "2026-03-19T13:25:00.570",
  "metrics": {},
  "published": "2026-03-18T18:16:24.477",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

WID-SEC-W-2026-0790

Vulnerability from csaf_certbund - Published: 2026-03-18 23:00 - Updated: 2026-03-26 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einem Denial-of-Service-Zustand, einer Rechteausweitung oder einer Speicherbeschädigung führen können.

Betroffene Betriebssysteme: - Linux

CVE-2025-71268

CVE-2025-71269

CVE-2025-71270

CVE-2026-23249

CVE-2026-23250

CVE-2026-23251

CVE-2026-23252

CVE-2026-23253

CVE-2026-23254

CVE-2026-23255

CVE-2026-23256

CVE-2026-23257

CVE-2026-23258

CVE-2026-23259

CVE-2026-23260

CVE-2026-23261

CVE-2026-23262

CVE-2026-23263

CVE-2026-23264

CVE-2026-23265

CVE-2026-23266

CVE-2026-23267

CVE-2026-23268

CVE-2026-23269

CVE-2026-23270

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://lore.kernel.org/linux-cve-announce/	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lore.kernel.org/linux-cve-announce/202603…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://kb.igel.com/en/security-safety/current/is…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einem Denial-of-Service-Zustand, einer Rechteausweitung oder einer Speicherbesch\u00e4digung f\u00fchren k\u00f6nnen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0790 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0790.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0790 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0790"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71268",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031814-CVE-2025-71268-057a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71269",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71269-b47d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71270",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71270-19ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23249",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031843-CVE-2026-23249-c309@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23250",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23250-271e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23251",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23251-259a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23252",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23252-6bef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23253",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23253-b1c6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23254",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23254-6387@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23255",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23255-fc51@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23256",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23256-b93b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23257",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23257-bd18@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23258",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23258-d181@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23259",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23259-5bd7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23260",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23260-6464@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23261",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23261-f757@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23262",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23262-a421@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23263",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23263-5c88@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23264",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23264-fe5b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23265",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23265-6d01@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23266",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23266-b57b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23267",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031811-CVE-2026-23267-ff55@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23268",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23269",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23270",
        "url": "https://lore.kernel.org/linux-cve-announce/2026031847-CVE-2026-23270-cb9a@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0961-1 vom 2026-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024805.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0962-1 vom 2026-03-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024803.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0984-1 vom 2026-03-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024841.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1003-1 vom 2026-03-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024925.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1041-1 vom 2026-03-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024928.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1078-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024954.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1077-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024956.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1081-1 vom 2026-03-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-07 vom 2026-03-26",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-07-apparmor-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-26T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-27T09:01:23.025+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0790",
      "initial_release_date": "2026-03-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und IGEL aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T051923",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-71268",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71268"
    },
    {
      "cve": "CVE-2025-71269",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71269"
    },
    {
      "cve": "CVE-2025-71270",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2025-71270"
    },
    {
      "cve": "CVE-2026-23249",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23249"
    },
    {
      "cve": "CVE-2026-23250",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23250"
    },
    {
      "cve": "CVE-2026-23251",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23251"
    },
    {
      "cve": "CVE-2026-23252",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23252"
    },
    {
      "cve": "CVE-2026-23253",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23253"
    },
    {
      "cve": "CVE-2026-23254",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23254"
    },
    {
      "cve": "CVE-2026-23255",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23255"
    },
    {
      "cve": "CVE-2026-23256",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23256"
    },
    {
      "cve": "CVE-2026-23257",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23257"
    },
    {
      "cve": "CVE-2026-23258",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23258"
    },
    {
      "cve": "CVE-2026-23259",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23259"
    },
    {
      "cve": "CVE-2026-23260",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23260"
    },
    {
      "cve": "CVE-2026-23261",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23261"
    },
    {
      "cve": "CVE-2026-23262",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23262"
    },
    {
      "cve": "CVE-2026-23263",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23263"
    },
    {
      "cve": "CVE-2026-23264",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23264"
    },
    {
      "cve": "CVE-2026-23265",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23265"
    },
    {
      "cve": "CVE-2026-23266",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23266"
    },
    {
      "cve": "CVE-2026-23267",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23267"
    },
    {
      "cve": "CVE-2026-23268",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23268"
    },
    {
      "cve": "CVE-2026-23269",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23269"
    },
    {
      "cve": "CVE-2026-23270",
      "product_status": {
        "known_affected": [
          "T002207",
          "T051923",
          "T017865"
        ]
      },
      "release_date": "2026-03-18T23:00:00.000+00:00",
      "title": "CVE-2026-23270"
    }
  ]
}

GHSA-5CRP-HWJ6-6WWW

Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-03-18 18:31

Details

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: free entry on mas_store_gfp() failure

regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory.

Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-23260"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-18T18:16:24Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block (\u0027entry\u0027) to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new \u0027entry\u0027 remains allocated and\nis never freed, leaking memory.\n\nFree \u0027entry\u0027 on the failure path; on success continue freeing the\nreplaced neighbor blocks (\u0027lower\u0027, \u0027upper\u0027).",
  "id": "GHSA-5crp-hwj6-6www",
  "modified": "2026-03-18T18:31:18Z",
  "published": "2026-03-18T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23260"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-23260 (GCVE-0-2026-23260)

FKIE_CVE-2026-23260

WID-SEC-W-2026-0790

GHSA-5CRP-HWJ6-6WWW

Tags

Sightings

Nomenclature