CVE-2026-45868
Published: May 27, 2026
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func() of_parse_phandle_with_args() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a refcount leak on each iteration. Add of_node_put() calls to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails. This bug was detected by our static analysis tool and verified by my code review.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected a1a277eb76b3507df7c41774048a644aa4dfd096 - < 191bfd5710d6a7f48ba4315d8d3e908dcc15243caffected a1a277eb76b3507df7c41774048a644aa4dfd096 - < 3e3b28bb0b6ddc521a4fdd1c1ba0d35017a0796baffected a1a277eb76b3507df7c41774048a644aa4dfd096 - < 456a60d06c09a92680dc35fabca68024badcc28eaffected a1a277eb76b3507df7c41774048a644aa4dfd096 - < 99cc7352156c65201c675f750e0e77c4c73d93f5affected a1a277eb76b3507df7c41774048a644aa4dfd096 - < 7814b1431848854b56717086e2b61bea3c59753d+3 more versions |
Linux | Linux | affected 3.10unaffected 0 - < 3.10unaffected 5.10.252 - <= 5.10.*unaffected 5.15.202 - <= 5.15.*unaffected 6.1.165 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now