CVE-2026-23013 – net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback

CVE ID : CVE-2026-23013

Published : Jan. 25, 2026, 3:15 p.m. | 1 hour, 46 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback

octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to
ioq_vector. If request_irq() fails part-way, the rollback loop calls
free_irq() with dev_id set to ‘oct’, which does not match the original
dev_id and may leave the irqaction registered.

This can keep IRQ handlers alive while ioq_vector is later freed during
unwind/teardown, leading to a use-after-free or crash when an interrupt
fires.

Fix the error path to free IRQs with the same ioq_vector dev_id used
during request_irq().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…