CVE-2026-23261

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue where the admin tagset is not released if initialization fails during NVMe/FC controller creation. Specifically, the nvme fabrics component creates an NVMe/FC controller through a series of function calls: nvmf dev write(), nvmf create ctrl(), nvme fc create ctrl(), and nvme fc init ctrl(). If any step after nvme add ctrl() succeeds fails, the controller references are torn down, but the admin queue and tag set are not freed, leading to memory leaks. The issue is addressed by checking ctrl->ctrl.admin tagset in the fail path and calling nvme remove admin tag set() to reclaim all admin queue allocations when controller setup aborts. The vulnerable functions involved are nvmf dev write(), nvmf create ctrl(), nvme fc create ctrl(), nvme fc init ctrl(), and nvme remove admin tag set().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.