CVE-2026-23261
Received Received - Intake
Memory Leak in Linux Kernel NVMe-FC Controller Initialization

Publication date: 2026-03-18

Last updated on: 2026-03-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_create_ctrl() -> nvme_fc_init_ctrl() nvme_fc_init_ctrl() allocates the admin blk-mq resources right after nvme_add_ctrl() succeeds. If any of the subsequent steps fail (changing the controller state, scheduling connect work, etc.), we jump to the fail_ctrl path, which tears down the controller references but never frees the admin queue/tag set. The leaked blk-mq allocations match the kmemleak report seen during blktests nvme/fc. Check ctrl->ctrl.admin_tagset in the fail_ctrl path and call nvme_remove_admin_tag_set() when it is set so that all admin queue allocations are reclaimed whenever controller setup aborts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-19
Generated
2026-05-07
AI Q&A
2026-03-18
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23261
EUVD
EUVD-2026-12896
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by ensuring that the admin tagset is properly released if the NVMe/FC controller initialization fails, preventing memory leaks.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • If updating is not immediately possible, monitor for memory leaks and controller initialization failures to identify potential impact.
  • Consider restarting affected NVMe/FC services or the system to reclaim leaked resources until a patch can be applied.

Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's NVMe over Fibre Channel (nvme-fc) driver. When creating an NVMe/FC controller, if the initialization process fails after allocating admin block multi-queue (blk-mq) resources, the allocated admin tagset is not properly freed. This leads to a memory leak because the admin queue/tag set remains allocated even though the controller setup was aborted.

Specifically, during the controller creation process, if any step after nvme_add_ctrl() succeeds but before completion fails, the code jumps to a failure path that tears down controller references but neglects to free the admin tagset. The fix involves checking if the admin tagset is set in the failure path and calling a function to remove it, ensuring all allocated resources are reclaimed.


How can this vulnerability impact me? :

This vulnerability can cause a memory leak in the Linux kernel when NVMe/FC controllers fail to initialize properly. Over time, repeated failures could lead to increased memory consumption, potentially degrading system performance or causing resource exhaustion.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a memory leak in the NVMe/FC controller admin tagset when initialization fails. Detection can be approached by monitoring for memory leaks related to NVMe/FC devices on the system.

One way to detect this issue is to use kmemleak, a kernel memory leak detector, since the description mentions that the leaked blk-mq allocations match kmemleak reports seen during tests.

  • Enable kmemleak in the kernel (if not already enabled) and check for reports related to NVMe/FC admin tagset leaks.
  • Use the command: `cat /sys/kernel/debug/kmemleak` to view current memory leak reports.
  • Monitor system logs for errors or warnings related to NVMe/FC controller initialization failures.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart