CVE-2026-23038
EPSS 0.02%
Description
In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak. Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources.
How to fix CVE-2026-23038
To remediate CVE-2026-23038, upgrade the affected package to a fixed version below.
- Debian/linux—upgrade to 5.10.249-1 or later
- —upgrade to 6.1.162-1~deb11u1 or later
Is CVE-2026-23038 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.10.249-1
- from 0, < 6.1.162-1~deb11u1