CVE-2026-23261
- Source
- https://cve.org/CVERecord?id=CVE-2026-23261
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23261.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23261
- Downstream
- Published
- 2026-03-18T17:41:07.478Z
- Modified
- 2026-04-02T13:12:19.394417Z
- Summary
- nvme-fc: release admin tagset if init fails
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nvme-fc: release admin tagset if init fails
nvme_fabrics creates an NVMe/FC controller in following path:
nvmf_dev_write() -> nvmf_create_ctrl() -> nvme_fc_create_ctrl() -> nvme_fc_init_ctrl()nvmefcinitctrl() allocates the admin blk-mq resources right after nvmeaddctrl() succeeds. If any of the subsequent steps fail (changing the controller state, scheduling connect work, etc.), we jump to the failctrl path, which tears down the controller references but never frees the admin queue/tag set. The leaked blk-mq allocations match the kmemleak report seen during blktests nvme/fc.
Check ctrl->ctrl.admintagset in the failctrl path and call nvmeremoveadmintagset() when it is set so that all admin queue allocations are reclaimed whenever controller setup aborts.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23261.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/7c54d3f5ebbc5982daaa004260242dc07ac943ea
- https://git.kernel.org/stable/c/d1877cc7270302081a315a81a0ee8331f19f95c8
- https://git.kernel.org/stable/c/e810b290922c535feb34bc90ab549446fe94d2a3
- https://git.kernel.org/stable/c/fa301aef50e3f3b5be6ee53457608beae5aa7a01
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23261.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23261
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5fe335a80548e2eda5d51fab801108b323600e95Fixed7c54d3f5ebbc5982daaa004260242dc07ac943ea
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced17c3a66d7ea2d303f783796d62f99e2e23b68c90Fixedfa301aef50e3f3b5be6ee53457608beae5aa7a01
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedea3442efabd0aa3930c5bab73c3901ef38ef6ac3Fixede810b290922c535feb34bc90ab549446fe94d2a3Fixedd1877cc7270302081a315a81a0ee8331f19f95c8
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected0d1840b2dd8fe073c020c39bf8e8e89488070801