CVE-2026-23164


📋 TL;DR

A memory leak vulnerability exists in the Linux kernel's rocker driver where allocated memory for port private data is not properly freed when ports are removed. This affects systems using the rocker network switch driver, potentially leading to gradual memory exhaustion over time. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with rocker driver enabled
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_NET_SWITCHDEV=y and the rocker driver is loaded and in use. Not all systems use this driver.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Continuous memory exhaustion leading to system instability, denial of service, or kernel panic if many port creation/removal cycles occur.

🟠 Likely Case

Gradual memory consumption over time during normal network operations, potentially causing performance degradation.

🟢 If Mitigated

Minimal impact with proper monitoring and regular system maintenance.

🌐 Internet-Facing: LOW - Requires local access to trigger, not directly exploitable from network.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the leak through port operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger port creation/removal operations. Not a remote code execution vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 2a3a64d75d2d0727da285749476761ebcad557a3 or later

Vendor Advisory: https://git.kernel.org/stable/c/2a3a64d75d2d0727da285749476761ebcad557a3

Restart Required: Yes

Instructions:

  1. Update the Linux kernel to a version containing the fix commit.
  2. Reboot the system to load the new kernel.
  3. Verify that the rocker driver is updated.

🔧 Temporary Workarounds

Disable rocker driver

Applies to: all

Unload or prevent loading of the vulnerable rocker driver module:

  rmmod rocker
  echo 'blacklist rocker' > /etc/modprobe.d/blacklist-rocker.conf

Limit port operations

Applies to: all

Restrict user/process access to network port management operations.

🧯 If You Can't Patch

  • Monitor system memory usage for unusual growth patterns
  • Restrict local user access to systems using rocker driver
  • Implement regular system reboots to clear accumulated memory

🔍 How to Verify

Check if Vulnerable:

Check if the rocker module is loaded:

  lsmod | grep rocker

Then check the kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify that the kernel version includes the fix commit:

  grep -q '2a3a64d75d2d0727da285749476761ebcad557a3' /proc/version_signature

(if available), or check the kernel source.
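As an added example, not from this advisory or from the kernel project: a POSIX shell check that combines the module and kernel-config verification above with the memory-growth monitoring recommended under "If You Can't Patch". The SUnreclaim field of /proc/meminfo and the /boot/config-$(uname -r) path are assumptions about the host; the lsmod, config and meminfo text used to exercise the functions is constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory: an exposure check for the rocker
# port-memory leak. The parsing functions take text as arguments so they can
# be exercised on constructed samples; check_host runs them on the live system.

# Succeeds when the rocker module appears in lsmod-style output.
rocker_loaded_in() {
    printf '%s\n' "$1" | awk '$1 == "rocker" { found = 1 } END { exit !found }'
}

# Succeeds when the kernel config text has switchdev support built in,
# the precondition the advisory names for the driver being usable.
switchdev_enabled_in() {
    printf '%s\n' "$1" | grep -q '^CONFIG_NET_SWITCHDEV=y$'
}

# Prints the growth in kB of SUnreclaim (non-reclaimable kernel slab memory,
# where leaked port private data would accumulate) between two /proc/meminfo
# samples taken some time apart. Assumes the standard "SUnreclaim: N kB" line.
sunreclaim_growth_kb() {
    before=$(printf '%s\n' "$1" | awk '$1 == "SUnreclaim:" { print $2 }')
    after=$(printf '%s\n' "$2" | awk '$1 == "SUnreclaim:" { print $2 }')
    echo $(( ${after:-0} - ${before:-0} ))
}

# Live check: is the driver loaded or blacklisted, could this kernel build it,
# and how much does SUnreclaim grow over a short sampling window?
check_host() {
    kver=$(uname -r)
    # Kernel config location is an assumption; distributions differ.
    cfg=$(cat "/boot/config-$kver" 2>/dev/null || zcat /proc/config.gz 2>/dev/null)
    if rocker_loaded_in "$(lsmod 2>/dev/null)"; then
        echo "rocker module is loaded on kernel $kver: exposed until patched"
    elif grep -qs '^blacklist rocker' /etc/modprobe.d/*.conf; then
        echo "rocker module blacklisted: workaround in place"
    else
        echo "rocker module not loaded"
    fi
    if switchdev_enabled_in "$cfg"; then
        echo "CONFIG_NET_SWITCHDEV=y: the driver can be built for this kernel"
    fi
    m1=$(cat /proc/meminfo); sleep "${SAMPLE_SECONDS:-60}"; m2=$(cat /proc/meminfo)
    echo "SUnreclaim growth over the window: $(sunreclaim_growth_kb "$m1" "$m2") kB"
}

# Run the live check only when asked, so the functions can be sourced alone.
if [ "${1-}" = "--host" ]; then check_host; fi
```

Run as `sh rocker-check.sh --host`, optionally with SAMPLE_SECONDS set to a longer window; steady SUnreclaim growth while ports are being created and removed is the pattern the leak produces.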

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Increasing memory usage in system logs
  • Kernel panic logs related to memory exhaustion

Network Indicators:

  • Unusual network port creation/removal activity

SIEM Query:

source="kernel" AND ("out of memory" OR "oom-killer" OR "memory allocation failure")
