Linux Kernel: Memory Leak in PCI Device Handling

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Linux Kernel: Memory Leak in PCI Device Handling

OESA-2026-1503

Summary

A fix has been released for the Linux kernel to prevent a memory leak that could occur when handling PCI devices. This issue was fixed to ensure the kernel's error handling doesn't accidentally free the same memory twice, which could lead to a security risk if exploited. Users should update their Linux kernel to the latest version to prevent potential issues.

What to do

Update kernel to version 6.6.0-141.0.0.123.oe2403.

Affected software

Vendor	Product	Affected versions	Fix available
–	kernel	<= 6.6.0-141.0.0.123.oe2403	6.6.0-141.0.0.123.oe2403

Original title

kernel security update

Original description

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()

When auxiliary_device_add() returns error and then calls
auxiliary_device_uninit(), callback function
gp_auxiliary_device_release() calls ida_free() and
kfree(aux_device_wrapper) to free memory. We should't
call them again in the error handling path.

Fix this by skipping the redundant cleanup functions.(CVE-2024-36973)

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-36973 Vendor Advisory

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026