CVE-2026-23164
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/02/2026
Last modified:
14/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
rocker: fix memory leak in rocker_world_port_post_fini()<br />
<br />
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with<br />
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in<br />
rocker_world_port_post_fini(), the memory is only freed when<br />
wops->port_post_fini callback is set:<br />
<br />
if (!wops->port_post_fini)<br />
return;<br />
wops->port_post_fini(rocker_port);<br />
kfree(rocker_port->wpriv);<br />
<br />
Since rocker_ofdpa_ops does not implement port_post_fini callback<br />
(it is NULL), the wpriv memory allocated for each port is never freed<br />
when ports are removed. This leads to a memory leak of<br />
sizeof(struct ofdpa_port) bytes per port on every device removal.<br />
<br />
Fix this by always calling kfree(rocker_port->wpriv) regardless of<br />
whether the port_post_fini callback exists.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3
- https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887
- https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0
- https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7
- https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566
- https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1
- https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a