Bug 2448713 (CVE-2026-23258)

Summary: CVE-2026-23258 kernel: net: liquidio: Initialize netdev pointer before queue setup
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A memory leak was found in the Linux kernel's LiquidIO network driver. In setup_nic_devices(), the netdev structure is allocated via alloc_etherdev_mq() but the pointer is stored in oct->props[i].netdev only after queue setup calls. If netif_set_real_num_rx_queues() or netif_set_real_num_tx_queues() fails, the allocated netdev is not freed because liquidio_destroy_nic_device() cannot find it.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-03-18 18:04:13 UTC 
In the Linux kernel, the following vulnerability has been resolved:

net: liquidio: Initialize netdev pointer before queue setup

In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq().
However, the pointer to this structure is stored in oct->props[i].netdev
only after the calls to netif_set_real_num_rx_queues() and
netif_set_real_num_tx_queues().

If either of these functions fails, setup_nic_devices() returns an error
without freeing the allocated netdev. Since oct->props[i].netdev is still
NULL at this point, the cleanup function liquidio_destroy_nic_device()
will fail to find and free the netdev, resulting in a memory leak.

Fix this by initializing oct->props[i].netdev before calling the queue
setup functions. This ensures that the netdev is properly accessible for
cleanup in case of errors.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Comment 1 Jon Moroney 2026-03-18 18:51:57 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23258-d181@gregkh/T