DEBIAN-CVE-2026-23260

DEBIAN-CVE-2026-23260 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on mas_store_gfp() failure regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory. Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 6.12.38-1, 6.12.41-1
Debian:13	linux	0, 6.12.38-1, 6.12.41-1

Exploit Intelligence

4081.3.7.yml (github-poc)

Timeline

Mar 18, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23260 advisory

Open in Interactive Console →