Description
In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label
setup_nic_dev_free on failure. The current cleanup loop while(i--)
skips the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i
down to 0.

Also, decrement i in the devlink_alloc failure path to point to the
last successfully allocated index.

Compile tested only. Issue found using code review.
Published: 2026-03-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Leak leading to resource exhaustion
Action: Apply Patch
AI Analysis

Impact

An off-by-one error in the Linux kernel's liquidio driver causes the cleanup routine to skip the last allocated network device when a failure occurs, which results in a memory leak. Over time the unreleased memory accumulates, potentially exhausting system memory and degrading kernel performance. While the advisory does not confirm a direct denial of service, the leak could affect overall system stability if the condition repeats.
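The cleanup pattern described above, as an added user-space C model (not the liquidio driver's code): `setup_nic_devices_model`, `dev_alloc`, `dev_free`, `props` and `NUM_IFS` are hypothetical names, and the `do`/`while` form is one way to iterate from `i` down to 0. It counts the allocations left outstanding by the original `while (i--)` cleanup and by the corrected one, including the post-loop failure path where `i` must be decremented first.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUM_IFS 4   /* constructed interface count */
static int live;    /* allocations not yet freed (leak counter) */

static void *dev_alloc(void) { void *p = malloc(64); if (p) live++; return p; }
static void dev_free(void *p) { if (p) { live--; free(p); } }

/*
 * fail_at:   index whose post-allocation init step fails (-1 = none)
 * late_fail: failure after the loop (models the devlink_alloc path)
 * fixed:     0 = original while (i--) cleanup, 1 = corrected cleanup
 * Returns the number of allocations leaked by the chosen cleanup.
 */
static int setup_nic_devices_model(int fail_at, int late_fail, int fixed)
{
    void *props[NUM_IFS] = {0};
    int i;

    live = 0;
    for (i = 0; i < NUM_IFS; i++) {
        props[i] = dev_alloc();        /* slot i now owns memory */
        if (i == fail_at)
            goto setup_nic_dev_free;   /* a later step for slot i failed */
    }
    if (late_fail) {
        if (fixed)
            i--;                       /* i == NUM_IFS here: step back to last valid slot */
        goto setup_nic_dev_free;
    }
    for (i = 0; i < NUM_IFS; i++) dev_free(props[i]);  /* normal teardown */
    return live;

setup_nic_dev_free:
    if (fixed)
        do { dev_free(props[i]); } while (i--);  /* frees i, i-1, ..., 0 */
    else
        while (i--) dev_free(props[i]);          /* frees i-1, ..., 0: skips i */
    return live;
}

int main(void)
{
    printf("original cleanup, failure at index 2: %d leaked\n", setup_nic_devices_model(2, 0, 0));
    printf("fixed cleanup,    failure at index 2: %d leaked\n", setup_nic_devices_model(2, 0, 1));
    return 0;
}
```

Without the extra decrement on the post-loop path, the corrected loop would start at `props[NUM_IFS]`, one past the end of the array, which is why the two changes belong together.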

Affected Systems

The flaw exists in the pool‑fabric (PF) support of the liquidio network driver within the Linux kernel. The advisory does not specify which kernel releases are affected; however, any kernel build that did not incorporate the referenced patch commit remains vulnerable. Administrators should review their kernel version against the commit list linked in the references to determine eligibility for the fix.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. Because the bug resides in code executed during device initialization, the attack vector is inferred to be local with privileged kernel access. No public exploit is documented, and the vulnerability is not present in the CISA KEV catalog, which collectively limits immediate threat but still warrants timely mitigation to avoid potential resource exhaustion.

Generated by OpenCVE AI on March 27, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update containing the liquidio off‑by‑one fix shown in the referenced commit logs.
  • Reboot the system after the update to reload the driver.
  • Verify the running kernel version to confirm the presence of the fix.
  • Monitor system memory and network device activity for signs of continued leaks.
  • If an update is unavailable, consider disabling the liquidio interface or restricting privileges that trigger device allocation until a patch is applied.



Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-665

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-665

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CWE-401

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CWE-401

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 18 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skips the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.
Title net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-03-18T17:41:04.078Z

Reserved: 2026-01-13T15:37:45.990Z

Link: CVE-2026-23257

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-18T18:16:23.997

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-23257

Redhat

Severity: Moderate

Public Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23257 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T15:48:22Z

Weaknesses