CVE-2026-23337

Summary

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()

In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns directly. This bypasses the cleanup logic and results in a memory leak of the cfg buffer.

Fix this by jumping to the out label on failure, ensuring kfree(cfg) is called before returning.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux90a18c512884adb49ddc2fb30e94594169aae808 < 63ee429780a5d43b5b4406c6128109b0f47cf2f1affected
LinuxLinux90a18c512884adb49ddc2fb30e94594169aae808 < 7a648d598cb8e8c62af3f0e020a25820a3f3a9a7affected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux6.19.7 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References