CVE-2026-23137

MEDIUM

Linux kernel - Memory Corruption

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: of: unittest: Fix memory leak in unittest_data_add() In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak. Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths. For the success path, use retain_and_null_ptr() to transfer ownership of the memory to the device tree and prevent double freeing.

References (2)

[Patch] https://git.kernel.org/stable/c/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b

[Patch] https://git.kernel.org/stable/c/f09b0f705bd7197863b90256ef533a6414d1db2c

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (9)

linux/Kernel 3.18.0 - 6.18.6linux

Linux/Linux < 3.18

Linux/Linux 2eb46da2a760e5764c48b752a5ef320e02b96b21 - 235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b

Linux/Linux 2eb46da2a760e5764c48b752a5ef320e02b96b21 - f09b0f705bd7197863b90256ef533a6414d1db2c

Linux/Linux 3.18

Linux/Linux 6.18.6 - 6.18.*

Linux/Linux 6.19

linux/linux_kernel 6.19 rc1 (4 CPE variants)

linux/linux_kernel 3.18 - 6.18.6

Published Feb 14, 2026

Tracked Since Feb 18, 2026