CVE-2026-23164

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak exists in the rocker module within the Linux kernel, specifically within the rocker world port post fini() function. When ports are removed, memory allocated for rocker port->wpriv is not always freed, leading to a leak of sizeof(struct ofdpa port) bytes per port on each device removal. This occurs because the port post fini callback is NULL for certain configurations, preventing the memory from being released. The issue is resolved by ensuring that kfree(rocker port->wpriv) is always called, regardless of the presence of the port post fini callback.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2026-23164

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8289-1

USN-8296-1

USN-8297-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2026-23164

Weakness Enumeration

Related Identifiers

Affected Products

References · 602