{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23038", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.943Z", "datePublished": "2026-01-31T11:42:32.599Z", "dateUpdated": "2026-05-11T21:58:48.041Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:48.041Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()\n\nIn nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,\nthe function jumps to the out_scratch label without freeing the already\nallocated dsaddrs list, leading to a memory leak.\n\nFix this by jumping to the out_err_drain_dsaddrs label, which properly\nfrees the dsaddrs list before cleaning up other resources."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/flexfilelayout/flexfilelayoutdev.c"], "versions": [{"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "e2dde5dafb80f1af4028ed10ad255f42af71c784", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "27c90d8ed81e7a289c9fe41b5e31d8bb609a3385", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "34b9dd179818ff7af2b36410985fd8166573c62d", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "869862056e100973e76ce9f5f1b01837771b7722", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "86da7efd12295a7e2b4abde5e5984c821edd938f", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb", "status": "affected", "versionType": "git"}, {"version": "d67ae825a59d639e4d8b82413af84d854617a87e", "lessThan": "0c728083654f0066f5e10a1d2b0bd0907af19a58", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/nfs/flexfilelayout/flexfilelayoutdev.c"], "versions": [{"version": "4.0", "status": "affected"}, {"version": "0", "lessThan": "4.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e2dde5dafb80f1af4028ed10ad255f42af71c784"}, {"url": "https://git.kernel.org/stable/c/27c90d8ed81e7a289c9fe41b5e31d8bb609a3385"}, {"url": "https://git.kernel.org/stable/c/34b9dd179818ff7af2b36410985fd8166573c62d"}, {"url": "https://git.kernel.org/stable/c/869862056e100973e76ce9f5f1b01837771b7722"}, {"url": "https://git.kernel.org/stable/c/86da7efd12295a7e2b4abde5e5984c821edd938f"}, {"url": "https://git.kernel.org/stable/c/ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb"}, {"url": "https://git.kernel.org/stable/c/0c728083654f0066f5e10a1d2b0bd0907af19a58"}], "title": "pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()\n\nIn nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,\nthe function jumps to the out_scratch label without freeing the already\nallocated dsaddrs list, leading to a memory leak.\n\nFix this by jumping to the out_err_drain_dsaddrs label, which properly\nfrees the dsaddrs list before cleaning up other resources."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\npnfs/flexfiles: Correcci\u00f3n de fuga de memoria en nfs4_ff_alloc_deviceid_node()\n\nEn nfs4_ff_alloc_deviceid_node(), si la asignaci\u00f3n para ds_versions falla, la funci\u00f3n salta a la etiqueta out_scratch sin liberar la lista dsaddrs ya asignada, lo que lleva a una fuga de memoria.\n\nCorrija esto al saltar a la etiqueta out_err_drain_dsaddrs, que libera correctamente la lista dsaddrs antes de limpiar otros recursos."}], "id": "CVE-2026-23038", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-31T12:16:07.110", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0c728083654f0066f5e10a1d2b0bd0907af19a58"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/27c90d8ed81e7a289c9fe41b5e31d8bb609a3385"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/34b9dd179818ff7af2b36410985fd8166573c62d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/869862056e100973e76ce9f5f1b01837771b7722"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/86da7efd12295a7e2b4abde5e5984c821edd938f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e2dde5dafb80f1af4028ed10ad255f42af71c784"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ed5d3f2f6885eb99f729e6ffd946e3aa058bd3eb"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()", "id": "2435670", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435670"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\npnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node()\nIn nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails,\nthe function jumps to the out_scratch label without freeing the already\nallocated dsaddrs list, leading to a memory leak.\nFix this by jumping to the out_err_drain_dsaddrs label, which properly\nfrees the dsaddrs list before cleaning up other resources."], "name": "CVE-2026-23038", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23038\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23038\nhttps://lore.kernel.org/linux-cve-announce/2026013122-CVE-2026-23038-2453@gregkh/T"], "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T14:21:36.448823+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the patch identified in the advisory (for example, the commit referenced in the provided links).", "Reboot the system after applying the update to load the new kernel image.", "If the NFS flexfiles feature is not required in your environment, disable the pnfs subsystem or avoid using NFS4 flexfiles commands to eliminate the function that contains the leak."], "summary": {"action": "Patch", "impact": "Denial of Service via Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "This issue affects all Linux kernel releases that include the pnfs/flexfiles infrastructure. No specific version range is defined in the advisory, so any kernel that incorporates this subsystem is potentially impacted until the vendor distributes an updated image containing the patch.", "description_and_impact": "A memory leak is introduced in the Linux kernel\u2019s pnfs/flexfiles subsystem when the function nfs4_ff_alloc_deviceid_node() fails to free the dsaddrs list after a memory allocation failure. Over repeated calls, the leaked kernel memory can accumulate, eventually exhausting available memory and causing system slowdown or a crash. The flaw does not provide code execution or privilege escalation directly; it simply corrupts resource accounting and can cause a denial of service that would require local or privileged access to trigger repeatedly.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 7.0, indicating a serious impact. Its EPSS score is less than 1% and it is not listed in the CISA KEV catalog, suggesting that exploitation in the wild is unlikely. The flaw requires that an attacker can cause the failing allocation path to execute, which typically demands local or elevated privileges. If successfully exercised, the attacker could drain system memory and drive the host into an unusable state, but the risk remains bounded to denial of service rather than data compromise or code execution."}}}}, "created": "2026-04-18T14:30:02.942664+00:00", "updated": "2026-04-18T14:30:02.942676+00:00", "vendors": [], "weaknesses": ["CWE-401"]}