CVE-2026-23137

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: Fix memory leak in unittest_data_add()

In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak.

Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths.

For the success path, use retain_and_null_ptr() to transfer ownership of the memory to the device tree and prevent double freeing.

EPSS Score: 0.00107 (0.014)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Missing Release of Memory after Effective Lifetime


NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

Debian

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-84f3-vfxg-j6h9

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2026-23137

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium