Main Vulnerability Database SB2026032093

SB2026032093 - Missing release of memory after effective lifetime in Linux kernel base regmap driver

Published: March 20, 2026

Security Bulletin ID SB2026032093

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing release of memory after effective lifetime (CVE-ID: CVE-2026-23260)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to improper memory management in the regmap maple tree component when storing a newly allocated block. A local user can trigger a failure in the storage operation to cause memory disclosure.

Memory allocated for a new entry is not freed on failure of mas_store_gfp(), potentially exposing uninitialized memory contents. The issue requires the ability to write to regmap-controlled hardware registers, typically available to privileged users.

Remediation

Install update from vendor's website.

SB2026032093 - Missing release of memory after effective lifetime in Linux kernel base regmap driver

Breakdown by Severity

Description

Remediation

References

Please verify you're human