HOMEVULNERABILITIESCVE-2026-23164
NONE

CVE-2026-23164

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:6.4th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

rocker: fix memory leak in rocker_world_port_post_fini()

In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with

kzalloc(wops->port_priv_size, GFP_KERNEL). However, in

rocker_world_port_post_fini(), the memory is only freed when

wops->port_post_fini callback is set:

if (!wops->port_post_fini)

return;

wops->port_post_fini(rocker_port);

kfree(rocker_port->wpriv);

Since rocker_ofdpa_ops does not implement port_post_fini callback

(it is NULL), the wpriv memory allocated for each port is never freed

when ports are removed. This leads to a memory leak of

sizeof(struct ofdpa_port) bytes per port on every device removal.

Fix this by always calling kfree(rocker_port->wpriv) regardless of

whether the port_post_fini callback exists.

NVD Source

Technical Analysis

CVE-2026-23164 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (7)

Quick Facts

CVE IDCVE-2026-23164
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23164 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.