CVE-2026-23013
- Source
- https://cve.org/CVERecord?id=CVE-2026-23013
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23013.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23013
- Downstream
- Published
- 2026-01-25T14:36:26.208Z
- Modified
- 2026-02-09T19:36:43.032113Z
- Summary
- net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
net: octeonepvf: fix freeirq devid mismatch in IRQ rollback
octepvfrequestirqs() requests MSI-X queue IRQs with devid set to ioqvector. If requestirq() fails part-way, the rollback loop calls freeirq() with devid set to 'oct', which does not match the original dev_id and may leave the irqaction registered.
This can keep IRQ handlers alive while ioq_vector is later freed during unwind/teardown, leading to a use-after-free or crash when an interrupt fires.
Fix the error path to free IRQs with the same ioqvector devid used during request_irq().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23013.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/aa05a8371ae4a452df623f7202c72409d3c50e40
- https://git.kernel.org/stable/c/aa4c066229b05fc3d3c5f42693d25b1828533b6e
- https://git.kernel.org/stable/c/f93fc5d12d69012788f82151bee55fce937e1432
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23013.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23013
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1Fixedaa05a8371ae4a452df623f7202c72409d3c50e40Fixedaa4c066229b05fc3d3c5f42693d25b1828533b6eFixedf93fc5d12d69012788f82151bee55fce937e1432
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.53
v6.12.54
v6.12.55
v6.12.56
v6.12.57
v6.12.58
v6.12.59
v6.12.6
v6.12.60
v6.12.61
v6.12.62
v6.12.63
v6.12.64
v6.12.65
v6.12.66
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.18
v6.18-rc1
v6.18-rc2
v6.18-rc3
v6.18-rc4
v6.18-rc5
v6.18-rc6
v6.18-rc7
v6.18.1
v6.18.2
v6.18.3
v6.18.4
v6.18.5
v6.18.6
v6.19-rc1
v6.19-rc2
v6.19-rc3
v6.19-rc4
v6.8
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7