{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23260", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.990Z", "datePublished": "2026-03-18T17:41:06.738Z", "dateUpdated": "2026-05-11T22:03:25.152Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:03:25.152Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block ('entry') to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new 'entry' remains allocated and\nis never freed, leaking memory.\n\nFree 'entry' on the failure path; on success continue freeing the\nreplaced neighbor blocks ('lower', 'upper')."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regcache-maple.c"], "versions": [{"version": "f033c26de5a5734625d2dd1dc196745fae186f1b", "lessThan": "d61171cf097156030142643942c217759a9cc806", "status": "affected", "versionType": "git"}, {"version": "f033c26de5a5734625d2dd1dc196745fae186f1b", "lessThan": "811b45e2d795d955bb7fd9c816b40036f4fde350", "status": "affected", "versionType": "git"}, {"version": "f033c26de5a5734625d2dd1dc196745fae186f1b", "lessThan": "f08f2d2907675926ac5657b25f86d921f269602a", "status": "affected", "versionType": "git"}, {"version": "f033c26de5a5734625d2dd1dc196745fae186f1b", "lessThan": "f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/base/regmap/regcache-maple.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.124", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.70", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.10", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.124"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.70"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"}, {"url": "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"}, {"url": "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"}, {"url": "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"}], "title": "regmap: maple: free entry on mas_store_gfp() failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block ('entry') to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new 'entry' remains allocated and\nis never freed, leaking memory.\n\nFree 'entry' on the failure path; on success continue freeing the\nreplaced neighbor blocks ('lower', 'upper')."}], "id": "CVE-2026-23260", "lastModified": "2026-03-19T13:25:00.570", "metrics": {}, "published": "2026-03-18T18:16:24.477", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: regmap: maple: free entry on mas_store_gfp() failure", "id": "2448702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448702"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23260", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23260\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23260\nhttps://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23260-6464@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d61171cf097156030142643942c217759a9cc806)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,811b45e2d795d955bb7fd9c816b40036f4fde350)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f08f2d2907675926ac5657b25f86d921f269602a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.124,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.70,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.10,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-15T09:06:04.442171+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that includes the memory deallocation fix.", "Reboot or reload the kernel to activate the updated code.", "Use memory monitoring tools (e.g., vmstat, free, /proc/meminfo) to detect ongoing leaks and trigger remediation if thresholds exceed.", "If immediate kernel upgrade is unavailable, disable the regmap maple functionality or restrict usage of regcache maple writes until the patch is applied."], "summary": {"action": "Apply Patch", "impact": "Memory Leak"}, "threat_synthesis": {"affected_systems": "The flaw affects kernel code distributed by the Linux kernel project. The known CNA vendors list includes \"Linux:Linux\" twice, indicating that any system running a kernel version that incorporates the affected regmap maple code could be impacted. Specific product or version information is not provided in the known CNA affected version field, so users must ascertain whether their kernel source or distribution contains the unpatched code.", "description_and_impact": "The vulnerability resides in the Linux kernel\u2019s regmap maple subsystem. When regcache_maple_write allocates a new mapping entry to merge adjacent ranges and writes it through mas_store_gfp, a failure of mas_store_gfp leaves the newly allocated entry in memory. The entry is never freed, creating a memory leak. According to the CVE description, the failure path does not release the entry, while the success path correctly frees neighboring blocks. This defect is a classic example of a resource exhaustion issue (CWE-401). It could lead to gradual growth of memory usage in systems that frequently perform regcache maple writes, potentially impacting stability or availability if the leaked memory drains the system\u2019s memory pool.", "risk_and_exploitability": "The CVSS score is 5.5, indicating moderate severity. An EPSS score of 0.00023 (much less than 1%) suggests a very low but non\u2011zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. The risk primarily stems from cumulative memory leakage rather than an immediate remote code execution vector. Attackers would likely need to continuously trigger regcache maple writes to exhaust memory, which is more of a denial\u2011of\u2011service scenario than an exploit for privilege escalation or confidentiality breaches."}}}}, "created": "2026-03-19T08:55:59.110454+00:00", "updated": "2026-04-15T16:45:09.839332+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}