CVE-2026-23464

MEDIUM

soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak. Fix this by jumping to the out_free label to ensure the memory is properly freed. Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0

https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15

https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1

https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (13)

Linux/Linux < 6.8

Linux/Linux 6.12.78 - 6.12.*

Linux/Linux 6.18.20 - 6.18.*

Linux/Linux 6.19.10 - 6.19.*

Linux/Linux 6.8

Linux/Linux 7.0

Linux/Linux 7.0-rc5

Linux/Linux 742aa6c563d29c367edbf0ef7236a7a853ed9be4 - 17c84fb7cf3971cc621646185d785670e9530ca1

Linux/Linux 742aa6c563d29c367edbf0ef7236a7a853ed9be4 - 5a741f8cc6fe62542f955cd8d24933a1b6589cbd

Linux/Linux 742aa6c563d29c367edbf0ef7236a7a853ed9be4 - da4b44c42f40501db35f5d0a6243708a061490a0

... and 3 more

Published Apr 03, 2026

Tracked Since Apr 03, 2026