CVE-2026-23387
Received
Received - Intake
Double-Free Vulnerability in Linux Kernel cs42l43 Pin Control Module
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()
devm_add_action_or_reset() already invokes the action on failure,
so the explicit put causes a double-put.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.17.10 (inc) to 6.18 (exc) |
| linux | linux_kernel | 6.18 |
| linux | linux_kernel | From 6.18.1 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.12.60 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 6.6.118 (inc) to 6.6.130 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
