CVE-2026-43196

HIGH

soc: ti: pruss: Fix double free in pruss_clk_mux_setup()

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in pruss_clk_mux_setup() In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly calls pruss_of_free_clk_provider(), which calls of_node_put(clk_mux_np) on the error path. However, after the devm_add_action_or_reset() returns, the of_node_put(clk_mux_np) is called again, causing a double free. Fix by returning directly, to avoid the duplicate of_node_put().

References (8)

Core 8

Core References

https://git.kernel.org/stable/c/dbda01bf2dfe5af33163e1e5fca1b82b619c2803

https://git.kernel.org/stable/c/24c40076e3bc3d73c839c886d6bda1da6c4d9b93

https://git.kernel.org/stable/c/818cf66d91c8ef09b01664a12d5f4ea786d64396

https://git.kernel.org/stable/c/e113339cc7d23be4948891f3a702e9dce5b47035

https://git.kernel.org/stable/c/69aa67c1e22d13e9aad4b08c86304ad8e743dcab

https://git.kernel.org/stable/c/b7db9953c2f8da37de498198623b05b46f8e2ca0

https://git.kernel.org/stable/c/04dbbb18cc9c8795c9ff47d8994bc03ebfef9d68

https://git.kernel.org/stable/c/80db65d4acfb9ff12d00172aed39ea8b98261aad

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-415

Status published

Products (19)

Linux/Linux < 5.10

Linux/Linux 5.10

Linux/Linux 5.10.252 - 5.10.*

Linux/Linux 5.15.202 - 5.15.*

Linux/Linux 6.1.165 - 6.1.*

Linux/Linux 6.12.75 - 6.12.*

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 6.6.128 - 6.6.*

Linux/Linux 7.0

... and 9 more

Published May 06, 2026

Tracked Since May 06, 2026