PT-2026-4675 · Octeon Ep+1 · Octeon Ep+1

Published: 2026-01-01 · Updated: 2026-03-13 · CVE-2026-23013

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)

Description: The Linux kernel contains a flaw within the Octeon EP Virtual Function (VF) network driver related to Interrupt Request (IRQ) handling. Specifically, a mismatch in the dev_id used during free_irq() calls within the IRQ rollback loop can occur if request_irq() fails during IRQ registration. This mismatch can lead to IRQ handlers remaining active even after the associated memory is freed, potentially resulting in a use-after-free condition or system crash when an interrupt fires. The issue arises because octep_vf_request_irqs() requests MSI-X queue IRQs with a dev_id set to ioq_vector, but the rollback loop uses dev_id set to 'oct' when calling free_irq(). The fix ensures that IRQs are freed using the original ioq_vector dev_id.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
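
The dev_id mismatch in the description can be reproduced in a small userspace model. This is an added example, not the driver's code or the upstream patch: the table, the model_* functions, the struct names and the constants are hypothetical, and the only kernel behaviour assumed is that free_irq() releases a handler only when the dev_id matches the one passed to request_irq().

```c
/* Userspace model, not kernel code: an IRQ action is released only when
 * the dev_id passed to free matches the dev_id it was requested with. */
#include <stdio.h>
#define NUM_QUEUES 4   /* constructed queue count */
#define FAIL_AT    2   /* constructed: the request for queue 2 fails */

struct action { void *dev_id; int active; };
static struct action irq_table[NUM_QUEUES];
struct oct_dev { int unused; };      /* hypothetical stand-in for 'oct' */
struct ioq_vec { int unused; };      /* hypothetical stand-in for ioq_vector */

static int model_request_irq(int irq, void *dev_id)
{
    if (irq == FAIL_AT) return -1;   /* simulated request_irq() failure */
    irq_table[irq].dev_id = dev_id;
    irq_table[irq].active = 1;
    return 0;
}

static void model_free_irq(int irq, void *dev_id)
{
    if (irq_table[irq].active && irq_table[irq].dev_id == dev_id)
        irq_table[irq].active = 0;   /* a mismatch leaves the handler live */
}

/* Runs registration plus rollback; returns handlers still registered. */
static int stale_handlers_after_rollback(int use_ioq_vector)
{
    struct oct_dev oct;
    struct ioq_vec vec[NUM_QUEUES];
    int i, stale = 0;
    for (i = 0; i < NUM_QUEUES; i++)
        irq_table[i].active = 0;
    for (i = 0; i < NUM_QUEUES; i++) {
        if (model_request_irq(i, &vec[i]) == 0)
            continue;
        while (i--)                  /* rollback of IRQs already requested */
            model_free_irq(i, use_ioq_vector ? (void *)&vec[i] : (void *)&oct);
        break;
    }
    for (i = 0; i < NUM_QUEUES; i++)
        stale += irq_table[i].active;
    return stale;
}

int main(void)
{
    printf("rollback with oct: %d stale, with ioq_vector: %d stale\n",
           stale_handlers_after_rollback(0), stale_handlers_after_rollback(1));
    return 0;
}
```

With the rollback keyed on 'oct', both handlers registered before the failure stay in the table; keyed on the original ioq_vector, none remain.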

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2026-04125
CVE-2026-23013

Affected Products

Linux Kernel
Octeon Ep