{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23023", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.941Z", "datePublished": "2026-01-31T11:39:06.718Z", "dateUpdated": "2026-05-11T21:58:30.691Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:30.691Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak in idpf_vport_rel()\n\nFree vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory\nduring a reset. Reported by kmemleak:\n\nunreferenced object 0xff450acac838a000 (size 4096):\n comm \"kworker/u258:5\", pid 7732, jiffies 4296830044\n hex dump (first 32 bytes):\n 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................\n backtrace (crc 3da81902):\n __kmalloc_cache_noprof+0x469/0x7a0\n idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]\n idpf_init_task+0x1ec/0x8d0 [idpf]\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x251/0x2b0\n ret_from_fork_asm+0x1a/0x30"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/idpf/idpf_lib.c"], "versions": [{"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34", "lessThan": "a4212d6732e3f674c6cc7d0b642f276d827e8f94", "status": "affected", "versionType": "git"}, {"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34", "lessThan": "ec602a2a4071eb956d656ba968c58fee09f0622d", "status": "affected", "versionType": "git"}, {"version": "0fe45467a1041ea3657a7fa3a791c84c104fbd34", "lessThan": "f6242b354605faff263ca45882b148200915a3f6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/idpf/idpf_lib.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.66", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.6", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.66"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a4212d6732e3f674c6cc7d0b642f276d827e8f94"}, {"url": "https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d"}, {"url": "https://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6"}], "title": "idpf: fix memory leak in idpf_vport_rel()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B7263-9D5B-469F-9346-50005F22DAD8", "versionEndExcluding": "6.12.66", "versionStartIncluding": "6.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "879529BC-5B4C-4EBE-BF1D-1A31404A8B2E", "versionEndExcluding": "6.18.6", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "62B55B1B-7D3E-499B-9C42-E9F1EF05A54A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix memory leak in idpf_vport_rel()\n\nFree vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory\nduring a reset. Reported by kmemleak:\n\nunreferenced object 0xff450acac838a000 (size 4096):\n comm \"kworker/u258:5\", pid 7732, jiffies 4296830044\n hex dump (first 32 bytes):\n 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................\n backtrace (crc 3da81902):\n __kmalloc_cache_noprof+0x469/0x7a0\n idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]\n idpf_init_task+0x1ec/0x8d0 [idpf]\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x251/0x2b0\n ret_from_fork_asm+0x1a/0x30"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nidpf: correcci\u00f3n de fuga de memoria en idpf_vport_rel()\n\nLibera vport->rx_ptype_lkup en idpf_vport_rel() para evitar la fuga de memoria durante un reinicio. Reportado por kmemleak:\n\nobjeto sin referencia 0xff450acac838a000 (tama\u00f1o 4096):\n comm 'kworker/u258:5', pid 7732, jiffies 4296830044\n volcado hexadecimal (primeros 32 bytes):\n 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 ................\n rastreo (crc 3da81902):\n __kmalloc_cache_noprof+0x469/0x7a0\n idpf_send_get_rx_ptype_msg+0x90/0x570 [idpf]\n idpf_init_task+0x1ec/0x8d0 [idpf]\n process_one_work+0x226/0x6d0\n worker_thread+0x19e/0x340\n kthread+0x10f/0x250\n ret_from_fork+0x251/0x2b0\n ret_from_fork_asm+0x1a/0x30"}], "id": "CVE-2026-23023", "lastModified": "2026-03-25T15:57:49.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-31T12:16:05.617", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a4212d6732e3f674c6cc7d0b642f276d827e8f94"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ec602a2a4071eb956d656ba968c58fee09f0622d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f6242b354605faff263ca45882b148200915a3f6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: idpf: fix memory leak in idpf_vport_rel()", "id": "2435663", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435663"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23023", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23023\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23023\nhttps://lore.kernel.org/linux-cve-announce/2026013136-CVE-2026-23023-0601@gregkh/T"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T00:56:31.684457+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a version that includes the fix\u2014any release newer than 6.19\u2011rc8 or at least 6.8 will contain the corrected idpf_vport_rel logic.", "If an immediate kernel upgrade is not feasible, disable or unload the idpf driver on hosts where it is not required, or configure network interfaces to avoid frequent resets that would trigger the leak.", "Run kernel memory checks (e.g., kmemleak or dmesg) to monitor for orphaned objects and confirm that the leak no longer appears after applying the patch or disabling the driver."], "summary": {"action": "Patch Now", "impact": "Memory exhaustion"}, "threat_synthesis": {"affected_systems": "The flaw is present in the idpf driver code path that is compiled for the Linux kernel. It affects the kernel builds listed in the CPEs, notably 6.7 and all 6.19 release candidates up to rc8. Systems running any of these kernel versions that use the idpf driver are at risk; the issue does not affect other drivers or kernel components.", "description_and_impact": "The Linux kernel idpf driver contains a defect where the function idpf_vport_rel fails to free the rx_ptype_lkup data structure, causing a memory leak that is triggered during a reset. The leak accumulates a 4\u202fKiB object for every vport removed, potentially exhausting system memory over time. The vulnerability is catalogued as CWE\u2011401 and is not known to allow code execution or privilege escalation.", "risk_and_exploitability": "The CVSS base score is 5.5, indicating potential for moderate impact if memory exhaustion leads to degraded performance or a kernel panic. The EPSS score of less than 1% suggests that exploitation is unlikely, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need privileged kernel execution and an environment where the idpf driver is reset frequently to trigger the leak. Given the low exploit probability, patching remains the recommended approach."}}}}, "created": "2026-04-18T01:00:11.630818+00:00", "title": "Memory Leak During Network Interface Reset in Linux Kernel\u2019s idpf Driver", "updated": "2026-04-18T01:00:11.630829+00:00", "vendors": []}