Bug 2468090 (CVE-2026-43317)

Summary: CVE-2026-43317 kernel: most: core: fix leak on early registration failure
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel, specifically within the 'most: core' component. This vulnerability involves a resource leak that occurs during early registration failures. When an early registration fails, the resources associated with the interface are not properly released. This can lead to resource exhaustion and potentially result in a Denial of Service (DoS) condition.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-08 14:04:00 UTC 
In the Linux kernel, the following vulnerability has been resolved:

most: core: fix leak on early registration failure

A recent commit fixed a resource leak on early registration failures but
for some reason left out the first error path which still leaks the
resources associated with the interface.

Fix up also the first error path so that the interface is always
released on errors.
Comment 1 Keith Grant 2026-05-08 19:10:25 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050818-CVE-2026-43317-a9bf@gregkh/T