CVE-2026-45868
Analyzed Analyzed - Analysis Complete

Linux Kernel Pinctrl Single Refcount Leak Fix

Vulnerability report for CVE-2026-45868, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-25

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func() of_parse_phandle_with_args() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a refcount leak on each iteration. Add of_node_put() calls to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails. This bug was detected by our static analysis tool and verified by my code review.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-25
Generated
2026-07-07
AI Q&A
2026-05-28
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 3.10 (inc) to 5.10.252 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The vulnerability is fixed by adding calls to of_node_put() to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Executive Summary

This vulnerability is a reference count leak in the Linux kernel's pinctrl subsystem, specifically in the function pcs_add_gpio_func().

The function of_parse_phandle_with_args() returns a device_node pointer with its reference count incremented. However, in a loop that iterates through all phandles, the code never releases these references, causing a reference count leak on each iteration.

The fix involves adding calls to of_node_put() to release the references after extracting the needed arguments and also on the error path when memory allocation fails.

Impact Analysis

A reference count leak can lead to resource leaks in the kernel, potentially causing increased memory usage over time.

While this specific vulnerability does not have an assigned CVSS score or detailed impact description, such leaks can degrade system stability or performance if the leaked resources accumulate.

Detection Guidance

This vulnerability is a refcount leak in the Linux kernel's pinctrl subsystem related to the function pcs_add_gpio_func(). It is caused by not releasing device_node references properly during iteration.

Detection of this specific refcount leak on a running system or network is not straightforward because it involves internal kernel memory management and reference counting.

There are no specific commands provided to detect this vulnerability directly.

However, general approaches to detect kernel refcount leaks include monitoring kernel logs for warnings or errors, using kernel debugging tools, or running static analysis tools on the kernel source code.

To confirm if your system is vulnerable, check the Linux kernel version and verify if it includes the patch that adds of_node_put() calls in pcs_add_gpio_func().

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45868. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart