DEBIAN-CVE-2026-23046

In the Linux kernel, the following vulnerability has been resolved: virtionet: fix device mismatch in devmkzalloc/devmkfree Initial rsshdr allocation uses virtiodevice->device, but virtnetsetqueues() frees using netdevice->device. This device mismatch causing below devres warning [ 3788.514041] ------------[ cut here ]------------ [ 3788.514044] WARNING: drivers/base/devres.c:1095 at devmkfree+0x84/0x98, CPU#16: vdpa/1463 [ 3788.514054] Modules linked in: octepvdpa virtionet virtiovdpa [last unloaded: virtiovdpa] [ 3788.514064] CPU: 16 UID: 0 PID: 1463 Comm: vdpa Tainted: G W 6.18.0 #10 PREEMPT [ 3788.514067] Tainted: [W]=WARN [ 3788.514069] Hardware name: Marvell CN106XX board (DT) [ 3788.514071] pstate: 63400009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 3788.514074] pc : devmkfree+0x84/0x98 [ 3788.514076] lr : devmkfree+0x54/0x98 [ 3788.514079] sp : ffff800084e2f220 [ 3788.514080] x29: ffff800084e2f220 x28: ffff0003b2366000 x27: 000000000000003f [ 3788.514085] x26: 000000000000003f x25: ffff000106f17c10 x24: 0000000000000080 [ 3788.514089] x23: ffff00045bb8ab08 x22: ffff00045bb8a000 x21: 0000000000000018 [ 3788.514093] x20: ffff0004355c3080 x19: ffff00045bb8aa00 x18: 0000000000080000 [ 3788.514098] x17: 0000000000000040 x16: 000000000000001f x15: 000000000007ffff [ 3788.514102] x14: 0000000000000488 x13: 0000000000000005 x12: 00000000000fffff [ 3788.514106] x11: ffffffffffffffff x10: 0000000000000005 x9 : ffff800080c8c05c [ 3788.514110] x8 : ffff800084e2eeb8 x7 : 0000000000000000 x6 : 000000000000003f [ 3788.514115] x5 : ffff8000831bafe0 x4 : ffff800080c8b010 x3 : ffff0004355c3080 [ 3788.514119] x2 : ffff0004355c3080 x1 : 0000000000000000 x0 : 0000000000000000 [ 3788.514123] Call trace: [ 3788.514125] devmkfree+0x84/0x98 (P) [ 3788.514129] virtnetsetqueues+0x134/0x2e8 [virtionet] [ 3788.514135] virtnetprobe+0x9c0/0xe00 [virtionet] [ 3788.514139] virtiodevprobe+0x1e0/0x338 [ 3788.514144] reallyprobe+0xc8/0x3a0 [ 3788.514149] __driverprobedevice+0x84/0x170 [ 3788.514152] driverprobedevice+0x44/0x120 [ 3788.514155] __deviceattachdriver+0xc4/0x168 [ 3788.514158] busforeach_drv+0x8c/0xf0 [ 3788.514161] __deviceattach+0xa4/0x1c0 [ 3788.514164] deviceinitialprobe+0x1c/0x30 [ 3788.514168] busprobedevice+0xb4/0xc0 [ 3788.514170] deviceadd+0x614/0x828 [ 3788.514173] registervirtiodevice+0x214/0x258 [ 3788.514175] virtiovdpaprobe+0xa0/0x110 [virtiovdpa] [ 3788.514179] vdpadevprobe+0xa8/0xd8 [ 3788.514183] reallyprobe+0xc8/0x3a0 [ 3788.514186] __driverprobedevice+0x84/0x170 [ 3788.514189] driverprobedevice+0x44/0x120 [ 3788.514192] __deviceattachdriver+0xc4/0x168 [ 3788.514195] busforeach_drv+0x8c/0xf0 [ 3788.514197] __deviceattach+0xa4/0x1c0 [ 3788.514200] deviceinitialprobe+0x1c/0x30 [ 3788.514203] busprobedevice+0xb4/0xc0 [ 3788.514206] deviceadd+0x614/0x828 [ 3788.514209] vdparegisterdevice+0x58/0x88 [ 3788.514211] octepvdpadevadd+0x104/0x228 [octepvdpa] [ 3788.514215] vdpanlcmddevaddsetdoit+0x2d0/0x3c0 [ 3788.514218] genlfamilyrcvmsgdoit+0xe4/0x158 [ 3788.514222] genlrcvmsg+0x218/0x298 [ 3788.514225] netlinkrcvskb+0x64/0x138 [ 3788.514229] genlrcv+0x40/0x60 [ 3788.514233] netlinkunicast+0x32c/0x3b0 [ 3788.514237] netlinksendmsg+0x170/0x3b8 [ 3788.514241] __sys_sendto+0x12c/0x1c0 [ 3788.514246] __arm64syssendto+0x30/0x48 [ 3788.514249] invokesyscall.constprop.0+0x58/0xf8 [ 3788.514255] doel0svc+0x48/0xd0 [ 3788.514259] el0svc+0x48/0x210 [ 3788.514264] el0t64synchandler+0xa0/0xe8 [ 3788.514268] el0t64sync+0x198/0x1a0 [ 3788.514271] ---[ end trace 0000000000000000 ]--- Fix by using virtiodevice->device consistently for allocation and deallocation