Description
In the Linux kernel, the following vulnerability has been resolved:

soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()

In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,
the function returns immediately without freeing the allocated memory
for sys_controller, leading to a memory leak.

Fix this by jumping to the out_free label to ensure the memory is
properly freed.

Also, consolidate the error handling for the mbox_request_channel()
failure case to use the same label.
Published: 2026-04-03
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via memory exhaustion
Action: Patch
AI Analysis

Impact

In the Linux kernel, initializing the MPFS driver allocates a sys_controller structure. If the call to of_get_mtd_device_by_node fails, the function returns without freeing the allocation, creating a memory leak. Over time, repeated failures can exhaust kernel memory, potentially causing a kernel panic or degraded performance. This flaw is a resource‑exhaustion vulnerability (CWE‑772) and does not give an attacker code execution or data disclosure capabilities.
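
The error-path pattern from the description, modeled in userspace C as an added example (this is not the kernel driver's code). The stub functions, struct layout, allocation counter and error values are assumptions standing in for of_get_mtd_device_by_node() and mbox_request_channel().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model: stub names, struct layout and errno values are hypothetical. */
struct sc_model { int flash; int chan; };
typedef int (*probe_fn)(int, int, struct sc_model **);
static int live_allocs;                      /* allocations not yet freed */
static void *model_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { free(p); live_allocs--; } }
static int stub_get_mtd_device(int fail) { return fail ? -ENODEV : 0; }
static int stub_request_channel(int fail) { return fail ? -EBUSY : 0; }

/* Before the fix: a failed flash lookup returns without freeing sc. */
static int probe_leaky(int mtd_fail, int mbox_fail, struct sc_model **out)
{
    struct sc_model *sc = model_alloc(sizeof(*sc));
    int ret;
    if (!sc) return -ENOMEM;
    if ((ret = stub_get_mtd_device(mtd_fail)))
        return ret;                          /* leak: sc is lost here */
    if ((ret = stub_request_channel(mbox_fail))) { model_free(sc); return ret; }
    *out = sc;                               /* success: caller owns sc */
    return 0;
}

/* After the fix: every failure past the allocation exits through out_free. */
static int probe_fixed(int mtd_fail, int mbox_fail, struct sc_model **out)
{
    struct sc_model *sc = model_alloc(sizeof(*sc));
    int ret;
    if (!sc) return -ENOMEM;
    if ((ret = stub_get_mtd_device(mtd_fail))) goto out_free;
    if ((ret = stub_request_channel(mbox_fail))) goto out_free;
    *out = sc;
    return 0;
out_free:
    model_free(sc);
    return ret;
}

/* Run n probes whose flash lookup fails; return allocations left behind. */
static int leaked_after(probe_fn probe, int n)
{
    struct sc_model *sc = NULL;
    int before = live_allocs;
    while (n-- > 0) probe(1, 0, &sc);
    return live_allocs - before;
}
int main(void)
{ printf("leaky: %d\n", leaked_after(probe_leaky, 1000)); printf("fixed: %d\n", leaked_after(probe_fixed, 1000)); return 0; }
```

Each failed probe in the leaky variant leaves one allocation behind, so the outstanding count grows linearly with the number of failed probe attempts, while the fixed variant stays at zero.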

Affected Systems

Any installation of the Linux kernel that incorporates the Microchip MPFS system controller driver is affected. The vulnerability is not tied to a specific kernel version; therefore, all kernels that still contain the vulnerable code should be updated. Administrators should verify whether their deployments include MPFS support and whether the recent patch commit has been applied.

Risk and Exploitability

The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation. Based on the description, the likely attack vector is local and would require an attacker who can trigger the driver’s initialization with a device tree node that causes of_get_mtd_device_by_node to fail. The impact is limited to service availability, with no data compromise or privilege escalation. The resource exhaustion could affect overall system stability, so the risk is moderate but the recommended response is prompt patching.

Generated by OpenCVE AI on April 7, 2026 at 10:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the mpfs_sys_controller_probe memory leak patch or apply the patch commit directly to the source
  • Reboot the system to unload and reload the MPFS driver and confirm the patch is in effect
  • Verify through dmesg or kernel logs that no further memory leaks occur during MPFS driver initialization
  • Monitor system memory usage for abnormal growth to ensure the leak has been fully resolved

Advisories
Source: Debian DSA
ID: DSA-6238-1
Title: linux security update

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak. Fix this by jumping to the out_free label to ensure the memory is properly freed. Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.
Title soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:07:58.722Z

Reserved: 2026-01-13T15:37:46.021Z

Link: CVE-2026-23464

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-03T16:16:33.697

Modified: 2026-04-07T13:20:55.200

Link: CVE-2026-23464

Redhat

Severity :

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23464 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:53:42Z