DEBIAN-CVE-2026-23464

DEBIAN-CVE-2026-23464 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memory leak. Fix this by jumping to the out_free label to ensure the memory is properly freed. Also, consolidate the error handling for the mbox_request_channel() failure case to use the same label.

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 6.12.38-1, 6.12.43-1
Debian:14	linux	6.16.10-1, 6.16.11-1, 6.16.12-1

Timeline

Apr 3, 2026 CVE Published
Apr 30, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23464 advisory

Open in Interactive Console →