CVE-2026-23258

net: liquidio: Initialize netdev pointer before queue setup

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq().
However, the pointer to this structure is stored in oct->props[i].netdev
only after the calls to netif_set_real_num_rx_queues() and
netif_set_real_num_tx_queues(). If either of these functions fails, setup_nic_devices() returns an error
without freeing the allocated netdev. Since oct->props[i].netdev is still
NULL at this point, the cleanup function liquidio_destroy_nic_device()
will fail to find and free the netdev, resulting in a memory leak. Fix this by initializing oct->props[i].netdev before calling the queue
setup functions. This ensures that the netdev is properly accessible for
cleanup in case of errors. Compile tested only. Issue found using a prototype static analysis tool
and code review.

En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: liquidio: Inicializar el puntero netdev antes de la configuración de la cola En setup_nic_devices(), el netdev se asigna usando alloc_etherdev_mq(). Sin embargo, el puntero a esta estructura se almacena en oct->props[i].netdev solo después de las llamadas a netif_set_real_num_rx_queues() y netif_set_real_num_tx_queues(). Si alguna de estas funciones falla, setup_nic_devices() devuelve un error sin liberar el netdev asignado. Dado que oct->props[i].netdev sigue siendo NULL en este punto, la función de limpieza liquidio_destroy_nic_device() no logrará encontrar y liberar el netdev, lo que resultará en una fuga de memoria. Corrija esto inicializando oct->props[i].netdev antes de llamar a las funciones de configuración de cola. Esto asegura que el netdev sea correctamente accesible para la limpieza en caso de errores. Probado solo en compilación. Problema encontrado usando una herramienta prototipo de análisis estático y revisión de código.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-03-18 CVE Published
2026-04-19 EPSS Updated
2026-05-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/c33c997346c34ea7b89aec99524ad9632a2f1e0c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/be109646cdaecab262f6276303b1763468c94378	2026-02-11
https://git.kernel.org/stable/c/c81a8515fb8c8fb5d0dbc21f48337494bf1d60df	2026-02-11
https://git.kernel.org/stable/c/a0e57c0b68c9e6f9a8fd7c1167861a5a730eb2f4	2026-02-11
https://git.kernel.org/stable/c/c0ed6c77ec34050971fd0df2a94dfdea66d09331	2026-02-11
https://git.kernel.org/stable/c/1d4590fde856cb94bd9a46e795c29d8288c238fc	2026-02-11
https://git.kernel.org/stable/c/d028147ae06407cb355245db1774793600670169	2026-02-11
https://git.kernel.org/stable/c/926ede0c85e1e57c97d64d9612455267d597bb2c	2026-01-30

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.250 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.250"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.200 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.200"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.1.163 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.1.163"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.6.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.6.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.12.70 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.12.70"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.18.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.18.10"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.19"		en		Affected