CVE-2026-23464

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23464
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23464.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23464
Downstream
Related
Published
2026-04-03T15:15:43.137Z
Modified
2026-06-02T18:29:29.937198237Z
Summary
soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()
Details

In the Linux kernel, the following vulnerability has been resolved:

soc: microchip: mpfs: Fix memory leak in mpfssyscontroller_probe()

In mpfssyscontrollerprobe(), if ofgetmtddevicebynode() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak.

Fix this by jumping to the out_free label to ensure the memory is properly freed.

Also, consolidate the error handling for the mboxrequestchannel() failure case to use the same label.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23464.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
742aa6c563d29c367edbf0ef7236a7a853ed9be4
Fixed
da4b44c42f40501db35f5d0a6243708a061490a0
Fixed
e3dd5cffba07de6574165a72851471cd42cc6d15
Fixed
17c84fb7cf3971cc621646185d785670e9530ca1
Fixed
5a741f8cc6fe62542f955cd8d24933a1b6589cbd

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23464.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23464.json"