{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23164", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.980Z", "datePublished": "2026-02-14T16:01:28.624Z", "dateUpdated": "2026-05-11T22:01:31.474Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:01:31.474Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrocker: fix memory leak in rocker_world_port_post_fini()\n\nIn rocker_world_port_pre_init(), rocker_port->wpriv is allocated with\nkzalloc(wops->port_priv_size, GFP_KERNEL). However, in\nrocker_world_port_post_fini(), the memory is only freed when\nwops->port_post_fini callback is set:\n\n if (!wops->port_post_fini)\n return;\n wops->port_post_fini(rocker_port);\n kfree(rocker_port->wpriv);\n\nSince rocker_ofdpa_ops does not implement port_post_fini callback\n(it is NULL), the wpriv memory allocated for each port is never freed\nwhen ports are removed. This leads to a memory leak of\nsizeof(struct ofdpa_port) bytes per port on every device removal.\n\nFix this by always calling kfree(rocker_port->wpriv) regardless of\nwhether the port_post_fini callback exists."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/rocker/rocker_main.c"], "versions": [{"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "2a3a64d75d2d0727da285749476761ebcad557a3", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "b11e6f926480ab0939fec44781f28558c54be4e7", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "8ce2e85889939c02740b4245301aa5c35fc94887", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "d448bf96889f1905e740c554780f5c9fa0440566", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "d8723917efda3b4f4c3de78d1ec1e1af015c0be1", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "dce375f4afc348c310d171abcde7ec1499a4c26a", "status": "affected", "versionType": "git"}, {"version": "e420114eef4a3a5025a243b89b0dc343101e3d3c", "lessThan": "8d7ba71e46216b8657a82ca2ec118bc93812a4d0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/rocker/rocker_main.c"], "versions": [{"version": "4.6", "status": "affected"}, {"version": "0", "lessThan": "4.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.123", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.69", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.9", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.6.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.12.69"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.18.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3"}, {"url": "https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7"}, {"url": "https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887"}, {"url": "https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566"}, {"url": "https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1"}, {"url": "https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a"}, {"url": "https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0"}], "title": "rocker: fix memory leak in rocker_world_port_post_fini()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CE9DC81-478D-4196-99ED-64EB5DBF5D35", "versionEndExcluding": "5.10.249", "versionStartIncluding": "4.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "316D8D4E-FE44-4C76-8403-63CAF51EEFC2", "versionEndExcluding": "6.6.123", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0D11B0-A3DA-4D8F-89B9-CFD2094EBA37", "versionEndExcluding": "6.12.69", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "171CFCB2-8F49-4F9E-8A67-FAC6BF45B5A2", "versionEndExcluding": "6.18.9", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrocker: fix memory leak in rocker_world_port_post_fini()\n\nIn rocker_world_port_pre_init(), rocker_port->wpriv is allocated with\nkzalloc(wops->port_priv_size, GFP_KERNEL). However, in\nrocker_world_port_post_fini(), the memory is only freed when\nwops->port_post_fini callback is set:\n\n if (!wops->port_post_fini)\n return;\n wops->port_post_fini(rocker_port);\n kfree(rocker_port->wpriv);\n\nSince rocker_ofdpa_ops does not implement port_post_fini callback\n(it is NULL), the wpriv memory allocated for each port is never freed\nwhen ports are removed. This leads to a memory leak of\nsizeof(struct ofdpa_port) bytes per port on every device removal.\n\nFix this by always calling kfree(rocker_port->wpriv) regardless of\nwhether the port_post_fini callback exists."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nrocker: corregir fuga de memoria en rocker_world_port_post_fini()\n\nEn rocker_world_port_pre_init(), rocker_port->wpriv se asigna con kzalloc(wops->port_priv_size, GFP_KERNEL). Sin embargo, en rocker_world_port_post_fini(), la memoria solo se libera cuando la devoluci\u00f3n de llamada wops->port_post_fini est\u00e1 establecida:\n\n si (!wops->port_post_fini)\n retornar;\n wops->port_post_fini(rocker_port);\n kfree(rocker_port->wpriv);\n\nDado que rocker_ofdpa_ops no implementa la devoluci\u00f3n de llamada port_post_fini (es NULL), la memoria wpriv asignada para cada puerto nunca se libera cuando se eliminan los puertos. Esto conduce a una fuga de memoria de sizeof(struct ofdpa_port) bytes por puerto en cada eliminaci\u00f3n de dispositivo.\n\nSolucione esto llamando siempre a kfree(rocker_port->wpriv) independientemente de si existe la devoluci\u00f3n de llamada port_post_fini."}], "id": "CVE-2026-23164", "lastModified": "2026-03-18T15:03:29.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:56.590", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: rocker: fix memory leak in rocker_world_port_post_fini()", "id": "2439892", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439892"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nrocker: fix memory leak in rocker_world_port_post_fini()\nIn rocker_world_port_pre_init(), rocker_port->wpriv is allocated with\nkzalloc(wops->port_priv_size, GFP_KERNEL). However, in\nrocker_world_port_post_fini(), the memory is only freed when\nwops->port_post_fini callback is set:\nif (!wops->port_post_fini)\nreturn;\nwops->port_post_fini(rocker_port);\nkfree(rocker_port->wpriv);\nSince rocker_ofdpa_ops does not implement port_post_fini callback\n(it is NULL), the wpriv memory allocated for each port is never freed\nwhen ports are removed. This leads to a memory leak of\nsizeof(struct ofdpa_port) bytes per port on every device removal.\nFix this by always calling kfree(rocker_port->wpriv) regardless of\nwhether the port_post_fini callback exists."], "name": "CVE-2026-23164", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23164\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23164\nhttps://lore.kernel.org/linux-cve-announce/2026021419-CVE-2026-23164-9874@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,2a3a64d75d2d0727da285749476761ebcad557a3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,b11e6f926480ab0939fec44781f28558c54be4e7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,8ce2e85889939c02740b4245301aa5c35fc94887)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,d448bf96889f1905e740c554780f5c9fa0440566)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,d8723917efda3b4f4c3de78d1ec1e1af015c0be1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,dce375f4afc348c310d171abcde7ec1499a4c26a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e420114eef4a3a5025a243b89b0dc343101e3d3c,8d7ba71e46216b8657a82ca2ec118bc93812a4d0)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "calver", "value": "4.6"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,4.6)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.249,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.199,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.123,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.69,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.9,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T12:17:53.551522+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that contains the rocker driver patch introduced after the commit that removes the conditional free call.", "Configure automatic kernel updates or monitor vendor advisories to ensure the patch is applied without delay.", "Until the patch is in place, avoid removing rocker ports; if deletions are necessary, reboot the system periodically to reclaim leaked memory and monitor kernel memory usage for abnormal growth."], "summary": {"action": "Update Kernel", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "All releases of the Linux kernel that contain the unpatched rocker code are affected, including 6.19 RC1 through RC7 and any subsequent kernel versions compiled without this patch. The vulnerability is present in all Linux distributions that ship with the affected kernel code until the fix is applied.", "description_and_impact": "This vulnerability resides in the Linux kernel's rocker driver. When a rocker port is removed, the kernel allocates memory for the port\u2019s private data but fails to free it unless a port_post_fini callback is defined. Because the default rocker_ofdpa_ops implementation does not provide such a callback, each port removal leaks a sizeof(struct ofdpa_port) buffer. Repeated removals can accumulate enough leaked memory to exhaust kernel space, potentially causing a degraded performance or a kernel out\u2011of\u2011memory condition.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of current exploitation. The issue requires local, privileged access to manipulate rocker ports, making it a local software vulnerability. It is not listed in CISA\u2019s KEV catalog. An attacker who repeatedly removes and recreates rocker ports could gradually deplete kernel memory, impacting system availability."}}}}, "created": "2026-02-16T09:44:27.307849+00:00", "updated": "2026-04-18T12:30:45.449060+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}