CVE-2026-23030
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-01-31

Last updated on: 2026-06-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with the child_np has been released, the code will jump to the put_child label and will call the of_node_put() again if the devm_request_threaded_irq() fails. These cause a double free bug. Fix by returning directly to avoid the duplicate of_node_put().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-31
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-01-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23030
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rockchip inno_usb2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a double free bug in the Linux kernel's rockchip inno-usb2 driver. Specifically, the function rockchip_usb2phy_probe() improperly releases a resource twice due to calling of_node_put() more than once on the same object when an error occurs, which can lead to memory corruption.

Impact Analysis

The double free bug can cause memory corruption, which may lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges if exploited.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the double free bug in rockchip_usb2phy_probe(). This fix prevents the duplicate of_node_put() call by returning directly after failure in devm_request_threaded_irq().

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23030. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart