Description
In the Linux kernel, the following vulnerability has been resolved:

idpf: fix memory leak in idpf_vc_core_deinit()

Make sure to free hw->lan_regs. Reported by kmemleak during reset:

unreferenced object 0xff1b913d02a936c0 (size 96):
comm "kworker/u258:14", pid 2174, jiffies 4294958305
hex dump (first 32 bytes):
00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 00 00 ......-.........
00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@.......%...-.
backtrace (crc 36063c4f):
__kmalloc_noprof+0x48f/0x890
idpf_vc_core_init+0x6ce/0x9b0 [idpf]
idpf_vc_event_task+0x1fb/0x350 [idpf]
process_one_work+0x226/0x6d0
worker_thread+0x19e/0x340
kthread+0x10f/0x250
ret_from_fork+0x251/0x2b0
ret_from_fork_asm+0x1a/0x30
Published: 2026-01-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service through memory exhaustion
Action: Apply Patch
AI Analysis

Impact

A memory leak in the Linux idpf driver occurs when idpf_vc_core_deinit() fails to free the hw->lan_regs structure. The defect allows kernel memory allocations to remain after a reset and are reported by the kmemleak tool. Over time, the repeated allocation of these objects can exhaust kernel memory and destabilise the operating system, resulting in a denial‑of‑service condition. The flaw is a direct instance of CWE‑401, which is a classic memory management weakness.

Affected Systems

The vulnerability applies to the mainline Linux kernel, specifically to kernel versions 6.17 and all 6.19 release candidates from rc1 to rc8. Any distribution that runs these kernel releases with the idpf driver loaded is potentially exposed.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium impact. The EPSS score is reported as less than 1%, suggesting a very low chance of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, implying that no known publicly available exploits exist. Based on the description, it is inferred that the attack vector is local and requires privileged code execution that can trigger a kernel reset to invoke the leaking path.

Generated by OpenCVE AI on April 18, 2026 at 14:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the idpf_vc_core_deinit() memory‑deallocation fix, such as any stable kernel following 6.19rc8.
  • If an immediate kernel upgrade is not possible, disable or unload the idpf driver to prevent the reset path that causes the leak from being exercised.
  • Enable and configure kmemleak or equivalent kernel memory‑leak detection tools to alert when an unreferenced hw->lan_regs object is detected, allowing early detection of regressions.

Generated by OpenCVE AI on April 18, 2026 at 14:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.17:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Mon, 02 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Sat, 31 Jan 2026 11:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vc_core_deinit() Make sure to free hw->lan_regs. Reported by kmemleak during reset: unreferenced object 0xff1b913d02a936c0 (size 96): comm "kworker/u258:14", pid 2174, jiffies 4294958305 hex dump (first 32 bytes): 00 00 00 c0 a8 ba 2d ff 00 00 00 00 00 00 00 00 ......-......... 00 00 40 08 00 00 00 00 00 00 25 b3 a8 ba 2d ff ..@.......%...-. backtrace (crc 36063c4f): __kmalloc_noprof+0x48f/0x890 idpf_vc_core_init+0x6ce/0x9b0 [idpf] idpf_vc_event_task+0x1fb/0x350 [idpf] process_one_work+0x226/0x6d0 worker_thread+0x19e/0x340 kthread+0x10f/0x250 ret_from_fork+0x251/0x2b0 ret_from_fork_asm+0x1a/0x30
Title idpf: fix memory leak in idpf_vc_core_deinit()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:16.041Z

Reserved: 2026-01-13T15:37:45.941Z

Link: CVE-2026-23022

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-01-31T12:16:05.517

Modified: 2026-03-25T15:56:44.973

Link: CVE-2026-23022

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-01-31T00:00:00Z

Links: CVE-2026-23022 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:30:02Z

Weaknesses