CVE-2023-26545

Published: Feb 25, 2023Modified: Jun 25, 2025

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

Affected (7)

Products: Debian: Debian Linux · Linux: Linux Kernel · Netapp: H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware, H410c Firmware

1 product

1 product

5 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.1 to 6.1.13

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (12)

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13

Source: cve@mitre.org

Release Notes

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377

Source: cve@mitre.org

Issue TrackingMailing List

https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377

Source: cve@mitre.org

Patch

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230316-0009/

Source: cve@mitre.org

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13