{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23464", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.021Z", "datePublished": "2026-04-03T15:15:43.137Z", "dateUpdated": "2026-05-11T22:07:29.791Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:07:29.791Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/microchip/mpfs-sys-controller.c"], "versions": [{"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "da4b44c42f40501db35f5d0a6243708a061490a0", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "e3dd5cffba07de6574165a72851471cd42cc6d15", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "17c84fb7cf3971cc621646185d785670e9530ca1", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "5a741f8cc6fe62542f955cd8d24933a1b6589cbd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/microchip/mpfs-sys-controller.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0"}, {"url": "https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15"}, {"url": "https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1"}, {"url": "https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd"}], "title": "soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label."}], "id": "CVE-2026-23464", "lastModified": "2026-04-07T13:20:55.200", "metrics": {}, "published": "2026-04-03T16:16:33.697", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()", "id": "2454841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454841"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel, specifically within the Microchip PolarFire SoC (System-on-Chip) system controller driver. When the `mpfs_sys_controller_probe()` function fails to initialize a device, it does not properly release allocated memory. This memory leak can accumulate over time, potentially leading to system instability or a denial of service (DoS) condition, where legitimate system operations are disrupted."], "name": "CVE-2026-23464", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23464\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23464\nhttps://lore.kernel.org/linux-cve-announce/2026040320-CVE-2026-23464-840f@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,da4b44c42f40501db35f5d0a6243708a061490a0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,e3dd5cffba07de6574165a72851471cd42cc6d15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,17c84fb7cf3971cc621646185d785670e9530ca1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,5a741f8cc6fe62542f955cd8d24933a1b6589cbd)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.8)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-07T10:09:01.640743+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that contains the mpfs_sys_controller_probe memory leak patch or apply the patch commit directly to the source", "Reboot the system to unload and reload the MPFS driver and confirm the patch is in effect", "Verify through dmesg or kernel logs that no further memory leaks occur during MPFS driver initialization", "Monitor system memory usage for abnormal growth to ensure the leak has been fully resolved"], "summary": {"action": "Patch", "impact": "Denial of Service via memory exhaustion"}, "threat_synthesis": {"affected_systems": "Any installation of the Linux kernel that incorporates the Microchip MPFS system controller driver is affected. The vulnerability is not tied to a specific kernel version; therefore, all kernels that still contain the vulnerable code should be updated. Administrators should verify whether their deployments include MPFS support and whether the recent patch commit has been applied.", "description_and_impact": "In the Linux kernel, initializing the MPFS driver allocates a sys_controller structure. If the call to of_get_mtd_device_by_node fails, the function returns without freeing the allocation, creating a memory leak. Over time, repeated failures can exhaust kernel memory, potentially causing a kernel panic or degraded performance. This flaw is a resource\u2011exhaustion vulnerability (CWE\u2011772) and does not give an attacker code execution or data disclosure capabilities.", "risk_and_exploitability": "The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation. Based on the description, the likely attack vector is local and would require an attacker who can trigger the driver\u2019s initialization with a device tree node that causes of_get_mtd_device_by_node to fail. The impact is limited to service availability, with no data compromise or privilege escalation. The resource exhaustion could affect overall system stability, so the risk is moderate but the recommended response is prompt patching."}}}}, "created": "2026-04-03T21:13:34.627015+00:00", "updated": "2026-04-08T19:53:42.903473+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}