CVE-2026-23013

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback<br /> <br /> octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to<br /> ioq_vector. If request_irq() fails part-way, the rollback loop calls<br /> free_irq() with dev_id set to &amp;#39;oct&amp;#39;, which does not match the original<br /> dev_id and may leave the irqaction registered.<br /> <br /> This can keep IRQ handlers alive while ioq_vector is later freed during<br /> unwind/teardown, leading to a use-after-free or crash when an interrupt<br /> fires.<br /> <br /> Fix the error path to free IRQs with the same ioq_vector dev_id used<br /> during request_irq().