{"id":"CVE-2026-23260","summary":"regmap: maple: free entry on mas_store_gfp() failure","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: free entry on mas_store_gfp() failure\n\nregcache_maple_write() allocates a new block ('entry') to merge\nadjacent ranges and then stores it with mas_store_gfp().\nWhen mas_store_gfp() fails, the new 'entry' remains allocated and\nis never freed, leaking memory.\n\nFree 'entry' on the failure path; on success continue freeing the\nreplaced neighbor blocks ('lower', 'upper').","modified":"2026-03-20T12:47:29.236705Z","published":"2026-03-18T17:41:06.738Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23260.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23260.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23260"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f033c26de5a5734625d2dd1dc196745fae186f1b"},{"fixed":"d61171cf097156030142643942c217759a9cc806"},{"fixed":"811b45e2d795d955bb7fd9c816b40036f4fde350"},{"fixed":"f08f2d2907675926ac5657b25f86d921f269602a"},{"fixed":"f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23260.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.4.0"},{"fixed":"6.6.124"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.70"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23260.json"}}],"schema_version":"1.7.5"}