What is GHSA-5crp-hwj6-6www?

GHSA-5crp-hwj6-6www is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on...

Which CVE IDs does GHSA-5crp-hwj6-6www cover?

GHSA-5crp-hwj6-6www covers the following CVE IDs: CVE-2026-23260. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5crp-hwj6-6www?

GHSA-5crp-hwj6-6www has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-5crp-hwj6-6wwwMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on...

Vendor

GitHub Security Advisories

Published

March 18, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-23260 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: free entry on mas_store_gfp() failure

regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and then stores it with mas_store_gfp(). When mas_store_gfp() fails, the new 'entry' remains allocated and is never freed, leaking memory.

Free 'entry' on the failure path; on success continue freeing the replaced neighbor blocks ('lower', 'upper').

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-23260
https://git.kernel.org/stable/c/811b45e2d795d955bb7fd9c816b40036f4fde350
https://git.kernel.org/stable/c/d61171cf097156030142643942c217759a9cc806
https://git.kernel.org/stable/c/f08f2d2907675926ac5657b25f86d921f269602a
https://git.kernel.org/stable/c/f3f380ce6b3d5c9805c7e0b3d5bc28d9ec41e2e8
https://github.com/advisories/GHSA-5crp-hwj6-6www