CVE-2026-23013

HIGH 7.0

net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback

CVSS Score

7.0

EPSS Score

0.0%

EPSS Percentile

4th

In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set to 'oct', which does not match the original dev_id and may leave the irqaction registered. This can keep IRQ handlers alive while ioq_vector is later freed during unwind/teardown, leading to a use-after-free or crash when an interrupt fires. Fix the error path to free IRQs with the same ioq_vector dev_id used during request_irq().

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jan 25, 2026
Last Updated	Apr 3, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1 < aa05a8371ae4a452df623f7202c72409d3c50e40 1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1 < aa4c066229b05fc3d3c5f42693d25b1828533b6e 1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1 < f93fc5d12d69012788f82151bee55fce937e1432

Linux / Linux

6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/aa05a8371ae4a452df623f7202c72409d3c50e40 git.kernel.org: https://git.kernel.org/stable/c/aa4c066229b05fc3d3c5f42693d25b1828533b6e git.kernel.org: https://git.kernel.org/stable/c/f93fc5d12d69012788f82151bee55fce937e1432