CVE-2026-45925
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a reference leak in the thermal_of_cm_lookup() function. The tr_np value is obtained via of_parse_phandle() but is never released, leading to a memory leak.
Risk Assessment
Organizations may experience performance issues due to memory leaks, which can lead to destabilization of services running on the Linux system.
Recommendation
It is recommended to update the Linux kernel to a version where this vulnerability has been fixed to avoid issues related to memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermal_of_cm_lookup() In thermal_of_cm_lookup(), tr_np is obtained via of_parse_phandle(), but never released. Use the __free(device_node) cleanup attribute to automatically release the node and fix the leak. [ rjw: Changelog edits ]

