Description
In the Linux kernel, the following vulnerability has been resolved:

most: core: fix leak on early registration failure

A recent commit fixed a resource leak on early registration failures but
for some reason left out the first error path which still leaks the
resources associated with the interface.

Fix up also the first error path so that the interface is always
released on errors.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a resource leak in the Linux kernel where an interface is not released when early registration failures occur. This flaw can cause accumulated unreleased memory or other kernel resources, leading to resource exhaustion and a potential denial of service. The weakness maps to CWE‑772, Suspicious Resource Deallocation.

Affected Systems

All Linux kernel implementations are affected until a patched kernel is deployed. The vendor identified is Linux, with the product being the Linux kernel; specific version details are not provided in the available data.

Risk and Exploitability

The exploitability is limited to contexts in which an attacker can compel interface registration failures. Based on the description, it is inferred that the likely attack vector is either local code execution that interacts with the kernel interface or a remote exploitation path that forces the registration routine to fail. The CVSS score of 5.5 indicates moderate severity. The EPSS score of < 1% indicates a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Despite the moderate severity and low exploitation probability, the potential for resource exhaustion means the risk remains significant if the failure path can be triggered repeatedly.

Generated by OpenCVE AI on May 15, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the latest core patches fixing the resource leak. This is the primary protective measure.
  • If an immediate kernel upgrade is not feasible, consider disabling or limiting the use of the affected interface in the application layer to prevent registration attempts that could trigger the leak.
  • After applying the patch or workaround, monitor system logs for repeated registration failure messages and verify that resources are being freed correctly.

Generated by OpenCVE AI on May 15, 2026 at 19:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 09 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-363

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Fri, 08 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-363

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: most: core: fix leak on early registration failure A recent commit fixed a resource leak on early registration failures but for some reason left out the first error path which still leaks the resources associated with the interface. Fix up also the first error path so that the interface is always released on errors.
Title most: core: fix leak on early registration failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:13.350Z

Reserved: 2026-05-01T14:12:56.001Z

Link: CVE-2026-43317

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:40.243

Modified: 2026-05-15T18:25:00.913

Link: CVE-2026-43317

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43317 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T19:30:05Z

Weaknesses