Description
In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In setup_nic_devices(), the initialization loop jumps to the label
setup_nic_dev_free on failure. The current cleanup loop while(i--)
skip the failing index i, causing a memory leak.

Fix this by changing the loop to iterate from the current index i
down to 0.

Also, decrement i in the devlink_alloc failure path to point to the
last successfully allocated index.

Compile tested only. Issue found using code review.
Published: 2026-03-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel liquidio driver contains an off‑by‑one error in the PF setup_nic_devices() cleanup routine. When a network device fails to initialize, the cleanup loop skips the failing index, leaving a reference to the device unfreed and leaking kernel memory. This bug can accumulate over the life of the system, potentially exhausting memory or degrading performance.

Affected Systems

All Linux kernel builds that do not include the patch commit are affected, including release candidates 6.19rc1 through 6.19rc8 and any earlier stable releases lacking the update. Administrators should verify that the kernel image being used incorporates the commit listed in the advisory references and compare against local version strings.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity and the EPSS score of <1% suggests a low probability of exploitation. The bug is exercised during PF device initialization, so it would require a local user with the ability to load or reconfigure the liquidio driver to trigger the leak. Based on the description, it is inferred that local privileged users who can invoke device allocation are the likely attackers. The vulnerability is not listed in CISA’s KEV catalog, limiting immediate threat, but it still warrants remediation to prevent potential resource exhaustion.

Generated by OpenCVE AI on May 21, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the liquidio commit fixing the off‑by‑one error; this patches the CWE‑193 weakness by correcting the cleanup loop.
  • If a newer kernel is not yet available, unload and reload the liquidio module or reboot the system to clear any leaked instances and reinitialize the driver after the patch is applied.
  • Until a patch can be applied, disable PF support in the liquidio driver by setting "net.liquidio.pf" to "off" or removing the module configuration from the kernel build to prevent new leaks.

Generated by OpenCVE AI on May 21, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8278-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8289-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8296-1 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8296-2 Linux kernel (NVIDIA Tegra) vulnerabilities
History

Thu, 21 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Thu, 21 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-665

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CWE-665

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CWE-401

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-193
CWE-401

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 18 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.
Title net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:03:21.725Z

Reserved: 2026-01-13T15:37:45.990Z

Link: CVE-2026-23257

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T18:16:23.997

Modified: 2026-05-21T00:11:32.420

Link: CVE-2026-23257

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23257 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T05:30:03Z

Weaknesses