CVE Catalog

CVE-2026-45868

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, a reference leak was detected in the pcs_add_gpio_func() function in the pinctrl-single driver. The of_parse_phandle_with_args() function increments the reference count for the gpiospec.np node, but the loop iterating through all handles never releases these references, leading to a memory leak. The issue was detected by a static analysis tool and confirmed during code review.

Risk Assessment

The reference leak can lead to gradual exhaustion of kernel memory, potentially causing system instability or denial of service (DoS) in the long term.

Recommendation

Apply a Linux kernel patch that adds of_node_put() calls to release the reference after processing the arguments and on the error path when devm_kzalloc() fails.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func() of_parse_phandle_with_args() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a refcount leak on each iteration. Add of_node_put() calls to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails. This bug was detected by our static analysis tool and verified by my code review.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS