CVE-2026-23038

描述

In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak. Fix this by jumping to the out_err_drain_dsaddrs label, which properly frees the dsaddrs list before cleaning up other resources.

如何修補 CVE-2026-23038

要修補 CVE-2026-23038,請將受影響套件升級到下列已修補版本。

• Debian/linux—升級至 5.10.249-1 或更新版本
• —升級至 6.1.162-1~deb11u1 或更新版本

CVE-2026-23038 正在被利用嗎?

低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。

受影響套件(2)

• from 0, < 5.10.249-1
• from 0, < 6.1.162-1~deb11u1

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2026-23038