CVE-2026-23257
net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup
Description
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review.
INFO
Published Date :
March 18, 2026, 6:16 p.m.
Last Modified :
March 18, 2026, 6:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2026-23257
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the Linux kernel.
- Modify the cleanup loop to iterate correctly.
- Decrement i in the devlink_alloc failure path.
- Ensure proper memory allocation on failure.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-23257.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-23257 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-23257
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-23257 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-23257 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 18, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label setup_nic_dev_free on failure. The current cleanup loop while(i--) skip the failing index i, causing a memory leak. Fix this by changing the loop to iterate from the current index i down to 0. Also, decrement i in the devlink_alloc failure path to point to the last successfully allocated index. Compile tested only. Issue found using code review. Added Reference https://git.kernel.org/stable/c/293eaad0d6d6b2a37a458c7deb7be345349cd963 Added Reference https://git.kernel.org/stable/c/8558aef4e8a1a83049ab906d21d391093cfa7e7f Added Reference https://git.kernel.org/stable/c/a0d2389c8cdc1f05de5eb8663bffe9ed05dca769 Added Reference https://git.kernel.org/stable/c/af38d9a5cb49fe9d0d282b44f17fdc1f3270d99d Added Reference https://git.kernel.org/stable/c/d86c58eb005eb99da402452f3db7a6e0eae32815 Added Reference https://git.kernel.org/stable/c/f1216b80c9040a904d2ad7c8cd24ca0ff1f36932 Added Reference https://git.kernel.org/stable/c/f86bd16280a0f88b538394e0565c56ce4756da99