CVE-2026-23257

MEDIUM

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.

References (7)

Core 7

Core References

https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d

https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815

https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932

https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769

https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99

https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963

https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-193

Status published

Products (24)

linux/Kernel 4.2.0 - 5.10.250linux

linux/Kernel 5.11.0 - 5.15.200linux

linux/Kernel 5.16.0 - 6.1.163linux

linux/Kernel 6.13.0 - 6.18.10linux

linux/Kernel 6.2.0 - 6.6.124linux

linux/Kernel 6.7.0 - 6.12.70linux

Linux/Linux < 4.2

Linux/Linux 4.2

Linux/Linux 5.10.250 - 5.10.*

Linux/Linux 5.15.200 - 5.15.*

... and 14 more

Published Mar 18, 2026

Tracked Since Mar 18, 2026