CVE-2026-23160

EUVD-2026-5879

14.02.2026, 16:15

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep: Fix memory leak in octep_device_setup()

In octep_device_setup(), if octep_ctrl_net_init() fails, the function
returns directly without unmapping the mapped resources and freeing the
allocated configuration memory.

Fix this by jumping to the unsupported_dev label, which performs the
necessary cleanup. This aligns with the error handling logic of other
paths in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.159-1 not-affected
bookworm (security)	6.1.162-1 fixed
bullseye	5.10.223-1 not-affected
bullseye (security)	5.10.249-1 fixed
forky	6.18.9-1 fixed
sid	6.18.12-1 fixed
trixie	vulnerable
trixie (security)	6.12.73-1 fixed

References

https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f

https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b

https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551

https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694