{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23464", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.021Z", "datePublished": "2026-04-03T15:15:43.137Z", "dateUpdated": "2026-04-03T15:15:43.137Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T15:15:43.137Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/microchip/mpfs-sys-controller.c"], "versions": [{"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "da4b44c42f40501db35f5d0a6243708a061490a0", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "e3dd5cffba07de6574165a72851471cd42cc6d15", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "17c84fb7cf3971cc621646185d785670e9530ca1", "status": "affected", "versionType": "git"}, {"version": "742aa6c563d29c367edbf0ef7236a7a853ed9be4", "lessThan": "5a741f8cc6fe62542f955cd8d24933a1b6589cbd", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/soc/microchip/mpfs-sys-controller.c"], "versions": [{"version": "6.8", "status": "affected"}, {"version": "0", "lessThan": "6.8", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.8", "versionEndExcluding": "7.0-rc5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0"}, {"url": "https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15"}, {"url": "https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1"}, {"url": "https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd"}], "title": "soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()\n\nIn mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,\nthe function returns immediately without freeing the allocated memory\nfor sys_controller, leading to a memory leak.\n\nFix this by jumping to the out_free label to ensure the memory is\nproperly freed.\n\nAlso, consolidate the error handling for the mbox_request_channel()\nfailure case to use the same label."}], "id": "CVE-2026-23464", "lastModified": "2026-04-03T16:16:33.697", "metrics": {}, "published": "2026-04-03T16:16:33.697", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/17c84fb7cf3971cc621646185d785670e9530ca1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5a741f8cc6fe62542f955cd8d24933a1b6589cbd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/da4b44c42f40501db35f5d0a6243708a061490a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e3dd5cffba07de6574165a72851471cd42cc6d15"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,da4b44c42f40501db35f5d0a6243708a061490a0)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,e3dd5cffba07de6574165a72851471cd42cc6d15)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,17c84fb7cf3971cc621646185d785670e9530ca1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[742aa6c563d29c367edbf0ef7236a7a853ed9be4,5a741f8cc6fe62542f955cd8d24933a1b6589cbd)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.8"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.8)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T19:08:29.391019+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the mpfs driver fix", "Verify that the mpfs driver is compiled with the patch", "If upgrading is not immediately possible, monitor system memory usage for abnormal growth", "Check Microchip MPFS documentation for any vendor\u2011specific patches"], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the Microchip MPFS (mpfs) driver are affected. Because the advisory does not list specific kernel or driver versions, any kernel that contains the unpatched mpfs driver is vulnerable. Users of vendor\u2011supplied kernels that ship the mpfs driver without the patch are likewise impacted.\n", "description_and_impact": "In the Linux kernel, the Microchip MPFS system controller driver contains a memory leak in the mpfs_sys_controller_probe() function. When the function attempts to acquire an MTD device via of_get_mtd_device_by_node() and that call fails, the function returns immediately without freeing the memory allocated for the sys_controller structure, causing the allocator to keep more and more kernel memory.\n\nThe unfreed memory accumulates across repeated probe attempts and can eventually consume available kernel memory, potentially causing system instability or a crash due to out\u2011of\u2011memory conditions.\n\nThe vulnerability is a classic resource exhaustion flaw and does not provide an immediate exploit path for code execution.\n", "risk_and_exploitability": "The risk is primarily local; an attacker would need to trigger repeated probe failures to exhaust kernel memory. Based on the description, it is inferred that the attack vector is local, requiring direct access to trigger the probe routine, such as by inserting a faulty device or rebooting the system with a misconfigured MPFS node. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. While no remote code execution path is described, uncontrolled memory consumption can lead to denial of service if the flaw is repeatedly exercised.\n"}}}}, "created": "2026-04-03T21:13:34.627015+00:00", "updated": "2026-04-03T21:15:48.608726+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-401"]}