CVE-2026-23015
BaseFortify
Publication date: 2026-01-31
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.13 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.13.1 (inc) to 6.18.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reference leak in the Linux kernel's gpio_mpsse_probe() function. Specifically, when an error occurs in this function, a reference obtained by calling usb_get_dev() is not properly released, leading to a resource leak. The issue was fixed by using device managed helper functions to ensure the reference is released correctly, and by removing an unnecessary usb_put_dev() call in the disconnect function.
How can this vulnerability impact me? :
The impact of this vulnerability is a resource leak in the Linux kernel, which could potentially lead to increased memory or resource consumption over time if the error paths are triggered repeatedly. This might degrade system stability or performance but does not directly indicate a security breach or data compromise.