{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23160", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.979Z", "datePublished": "2026-02-14T16:01:25.900Z", "dateUpdated": "2026-02-14T16:01:25.900Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-14T16:01:25.900Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Fix memory leak in octep_device_setup()\n\nIn octep_device_setup(), if octep_ctrl_net_init() fails, the function\nreturns directly without unmapping the mapped resources and freeing the\nallocated configuration memory.\n\nFix this by jumping to the unsupported_dev label, which performs the\nnecessary cleanup. This aligns with the error handling logic of other\npaths in this function.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeon_ep/octep_main.c"], "versions": [{"version": "577f0d1b1c5f3282fa2011177b0af692a7c21aee", "lessThan": "5058d3f8f17202e673f90af1446252322bd0850f", "status": "affected", "versionType": "git"}, {"version": "577f0d1b1c5f3282fa2011177b0af692a7c21aee", "lessThan": "fdfd28e13c244d7c3345e74f339fd1b67605b694", "status": "affected", "versionType": "git"}, {"version": "577f0d1b1c5f3282fa2011177b0af692a7c21aee", "lessThan": "d753f3c3f9d7a6e6dbb4d3a97b73007d71624551", "status": "affected", "versionType": "git"}, {"version": "577f0d1b1c5f3282fa2011177b0af692a7c21aee", "lessThan": "8016dc5ee19a77678c264f8ba368b1e873fa705b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeon_ep/octep_main.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.123", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.69", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.9", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.69"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f"}, {"url": "https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694"}, {"url": "https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551"}, {"url": "https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b"}], "title": "octeon_ep: Fix memory leak in octep_device_setup()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2B0B202-ECA1-40EF-8247-836A7D4E2A49", "versionEndExcluding": "6.6.123", "versionStartIncluding": "6.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0D11B0-A3DA-4D8F-89B9-CFD2094EBA37", "versionEndExcluding": "6.12.69", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "171CFCB2-8F49-4F9E-8A67-FAC6BF45B5A2", "versionEndExcluding": "6.18.9", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Fix memory leak in octep_device_setup()\n\nIn octep_device_setup(), if octep_ctrl_net_init() fails, the function\nreturns directly without unmapping the mapped resources and freeing the\nallocated configuration memory.\n\nFix this by jumping to the unsupported_dev label, which performs the\nnecessary cleanup. This aligns with the error handling logic of other\npaths in this function.\n\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nocteon_ep: Correcci\u00f3n de fuga de memoria en octep_device_setup()\n\nEn octep_device_setup(), si octep_ctrl_net_init() falla, la funci\u00f3n retorna directamente sin desmapear los recursos mapeados y liberar la memoria de configuraci\u00f3n asignada.\n\nEsto se corrige saltando a la etiqueta unsupported_dev, la cual realiza la limpieza necesaria. Esto se alinea con la l\u00f3gica de manejo de errores de otras rutas en esta funci\u00f3n.\n\nProbado \u00fanicamente en compilaci\u00f3n. Problema encontrado usando una herramienta prototipo de an\u00e1lisis est\u00e1tico y revisi\u00f3n de c\u00f3digo."}], "id": "CVE-2026-23160", "lastModified": "2026-03-18T14:12:40.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2026-02-14T16:15:56.177", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5058d3f8f17202e673f90af1446252322bd0850f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8016dc5ee19a77678c264f8ba368b1e873fa705b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d753f3c3f9d7a6e6dbb4d3a97b73007d71624551"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fdfd28e13c244d7c3345e74f339fd1b67605b694"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: octeon_ep: Fix memory leak in octep_device_setup()", "id": "2439899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439899"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nocteon_ep: Fix memory leak in octep_device_setup()\nIn octep_device_setup(), if octep_ctrl_net_init() fails, the function\nreturns directly without unmapping the mapped resources and freeing the\nallocated configuration memory.\nFix this by jumping to the unsupported_dev label, which performs the\nnecessary cleanup. This aligns with the error handling logic of other\npaths in this function.\nCompile tested only. Issue found using a prototype static analysis tool\nand code review."], "name": "CVE-2026-23160", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23160\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23160\nhttps://lore.kernel.org/linux-cve-announce/2026021417-CVE-2026-23160-d1e6@gregkh/T"], "threat_severity": "Moderate"}

{"created": "2026-02-16T12:01:07.432621+00:00", "updated": "2026-02-16T12:01:07.432753+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}