CVE-2026-45868
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel, a reference leak was detected in the pcs_add_gpio_func() function in the pinctrl-single driver. The of_parse_phandle_with_args() function increments the reference count for the gpiospec.np node, but the loop iterating through all handles never releases these references, leading to a memory leak. The issue was detected by a static analysis tool and confirmed during code review.
Risk Assessment
The reference leak can lead to gradual exhaustion of kernel memory, potentially causing system instability or denial of service (DoS) in the long term.
Recommendation
Apply a Linux kernel patch that adds of_node_put() calls to release the reference after processing the arguments and on the error path when devm_kzalloc() fails.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func() of_parse_phandle_with_args() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a refcount leak on each iteration. Add of_node_put() calls to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails. This bug was detected by our static analysis tool and verified by my code review.

