CVE-2026-23164

EUVD-2026-5873
In the Linux kernel, the following vulnerability has been resolved:

rocker: fix memory leak in rocker_world_port_post_fini()

In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in
rocker_world_port_post_fini(), the memory is only freed when
wops->port_post_fini callback is set:

    if (!wops->port_post_fini)
        return;
    wops->port_post_fini(rocker_port);
    kfree(rocker_port->wpriv);

Since rocker_ofdpa_ops does not implement port_post_fini callback
(it is NULL), the wpriv memory allocated for each port is never freed
when ports are removed. This leads to a memory leak of
sizeof(struct ofdpa_port) bytes per port on every device removal.

Fix this by always calling kfree(rocker_port->wpriv) regardless of
whether the port_post_fini callback exists.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.162-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
vulnerable
trixie (security)
6.12.73-1
fixed
References
https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3
https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887
https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0
https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7
https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566
https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1
https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a