Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Linux Kernel: Memory Leak in Rocker Module Affects Device Removal
CVE-2026-23164
Summary
A bug in the Linux kernel's Rocker module can cause memory to be leaked when devices are removed, leading to performance issues and potential crashes over time. This issue affects the performance and stability of Linux devices that use the Rocker module. To fix this issue, update your Linux kernel to the latest version to ensure memory is properly freed when devices are removed.
Original title
In the Linux kernel, the following vulnerability has been resolved:
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
...
Original description
In the Linux kernel, the following vulnerability has been resolved:
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in
rocker_world_port_post_fini(), the memory is only freed when
wops->port_post_fini callback is set:
if (!wops->port_post_fini)
return;
wops->port_post_fini(rocker_port);
kfree(rocker_port->wpriv);
Since rocker_ofdpa_ops does not implement port_post_fini callback
(it is NULL), the wpriv memory allocated for each port is never freed
when ports are removed. This leads to a memory leak of
sizeof(struct ofdpa_port) bytes per port on every device removal.
Fix this by always calling kfree(rocker_port->wpriv) regardless of
whether the port_post_fini callback exists.
rocker: fix memory leak in rocker_world_port_post_fini()
In rocker_world_port_pre_init(), rocker_port->wpriv is allocated with
kzalloc(wops->port_priv_size, GFP_KERNEL). However, in
rocker_world_port_post_fini(), the memory is only freed when
wops->port_post_fini callback is set:
if (!wops->port_post_fini)
return;
wops->port_post_fini(rocker_port);
kfree(rocker_port->wpriv);
Since rocker_ofdpa_ops does not implement port_post_fini callback
(it is NULL), the wpriv memory allocated for each port is never freed
when ports are removed. This leads to a memory leak of
sizeof(struct ofdpa_port) bytes per port on every device removal.
Fix this by always calling kfree(rocker_port->wpriv) regardless of
whether the port_post_fini callback exists.
- https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3
- https://git.kernel.org/stable/c/8ce2e85889939c02740b4245301aa5c35fc94887
- https://git.kernel.org/stable/c/8d7ba71e46216b8657a82ca2ec118bc93812a4d0
- https://git.kernel.org/stable/c/b11e6f926480ab0939fec44781f28558c54be4e7
- https://git.kernel.org/stable/c/d448bf96889f1905e740c554780f5c9fa0440566
- https://git.kernel.org/stable/c/d8723917efda3b4f4c3de78d1ec1e1af015c0be1
- https://git.kernel.org/stable/c/dce375f4afc348c310d171abcde7ec1499a4c26a
Published: 14 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026