CVE-2026-23137

Summary

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: Fix memory leak in unittest_data_add()

In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak.

Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths.

For the success path, use retain_and_null_ptr() to transfer ownership of the memory to the device tree and prevent double freeing.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2eb46da2a760e5764c48b752a5ef320e02b96b21 < f09b0f705bd7197863b90256ef533a6414d1db2caffected
LinuxLinux2eb46da2a760e5764c48b752a5ef320e02b96b21 < 235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054baffected
LinuxLinux3.18affected
LinuxLinux0 < 3.18unaffected
LinuxLinux6.18.6 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References