CVE-2026-23258

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue where the netdev pointer is not initialized before queue setup in the setup nic devices() function. Specifically, the pointer to the network device structure is stored in oct->props[i].netdev after calls to netif set real num rx queues() and netif set real num tx queues(). If these functions fail, the function returns an error without freeing the allocated netdev, leading to a memory leak because oct->props[i].netdev remains NULL. The fix involves initializing oct->props[i].netdev before the queue setup functions are called, ensuring proper cleanup even if errors occur. The issue was identified using static analysis and code review.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.