CVE-2026-23038
BaseFortify
Publication date: 2026-01-31
Last updated on: 2026-02-06
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's pnfs/flexfiles component. Specifically, in the function nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function incorrectly jumps to a label that does not free the already allocated dsaddrs list, causing a memory leak. The fix involves changing the jump to a label that properly frees the dsaddrs list before cleaning up other resources.
How can this vulnerability impact me?
The memory leak caused by this vulnerability can lead to increased memory usage in the Linux kernel, potentially degrading system performance or causing resource exhaustion over time if the faulty code path is frequently executed.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the Linux kernel version that includes the fix for the memory leak in nfs4_ff_alloc_deviceid_node(). This fix ensures proper freeing of allocated memory and prevents the leak. Until then, consider monitoring system memory usage related to NFS operations and avoid workloads that heavily use pnfs/flexfiles if possible.
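The error-path mistake described in the first answer, as an added user-space example (not the kernel's code and not part of the original page): a counting allocator with an injected failure shows the dsaddrs list surviving when the ds_versions failure jumps to the wrong cleanup label. Only dsaddrs and ds_versions are names from the page; the labels, sizes and helper functions are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model. Only dsaddrs and ds_versions are names from
 * the page; labels, sizes and helpers are hypothetical. */
static int live_allocs, alloc_count, fail_at;   /* fail_at: 1-based, 0 = never */

static void *t_alloc(size_t n) {
    if (++alloc_count == fail_at) return NULL;  /* injected allocation failure */
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void t_free(void *p) { if (p) { free(p); live_allocs--; } }
struct dsaddr { struct dsaddr *next; };

/* fixed == 0 models the leaking error path, fixed == 1 the corrected one. */
static int alloc_device(int fixed, int naddrs) {
    struct dsaddr *dsaddrs = NULL, *da;
    void *node, *ds_versions;
    int ret = -1;
    node = t_alloc(64);
    if (!node) return ret;
    for (int i = 0; i < naddrs; i++) {
        da = t_alloc(sizeof(*da));
        if (!da) goto out_free_dsaddrs;
        da->next = dsaddrs; dsaddrs = da;       /* push onto the list */
    }
    ds_versions = t_alloc(32);
    if (!ds_versions) {
        if (fixed) goto out_free_dsaddrs;       /* frees the list first */
        goto out_free_node;                     /* bug: list is never freed */
    }
    t_free(ds_versions);            /* the model tears down at once on success */
    ret = 0;
out_free_dsaddrs:
    while (dsaddrs) { da = dsaddrs; dsaddrs = da->next; t_free(da); }
out_free_node:
    t_free(node);
    return ret;
}

/* Returns how many allocations are still live after one call. */
static int leaked_after(int fixed, int naddrs, int fail_index) {
    live_allocs = alloc_count = 0; fail_at = fail_index;
    alloc_device(fixed, naddrs);
    return live_allocs;
}

int main(void) {
    printf("buggy leaks %d, fixed leaks %d\n", leaked_after(0, 3, 5), leaked_after(1, 3, 5));
    return 0;
}
```

Each pass through the failing path in the buggy variant leaves every list entry allocated, which is why the leak only grows when that allocation failure recurs.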