{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23081", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.960Z", "datePublished": "2026-02-04T16:08:05.822Z", "dateUpdated": "2026-05-11T21:59:37.954Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:37.954Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: intel-xway: fix OF node refcount leakage\n\nAutomated review spotted am OF node reference count leakage when\nchecking if the 'leds' child node exists.\n\nCall of_put_node() to correctly maintain the refcount."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/intel-xway.c"], "versions": [{"version": "1758af47b98c17da464cb45f476875150955dd48", "lessThan": "1f24dfd556401b75f78e8d9cbd94dd9f31411c3a", "status": "affected", "versionType": "git"}, {"version": "1758af47b98c17da464cb45f476875150955dd48", "lessThan": "79912b256e14054e6ba177d7e7e631485ce23dbe", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/phy/intel-xway.c"], "versions": [{"version": "6.13", "status": "affected"}, {"version": "0", "lessThan": "6.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1f24dfd556401b75f78e8d9cbd94dd9f31411c3a"}, {"url": "https://git.kernel.org/stable/c/79912b256e14054e6ba177d7e7e631485ce23dbe"}], "title": "net: phy: intel-xway: fix OF node refcount leakage", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: intel-xway: fix OF node refcount leakage\n\nAutomated review spotted am OF node reference count leakage when\nchecking if the 'leds' child node exists.\n\nCall of_put_node() to correctly maintain the refcount."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: phy: intel-xway: solucionar fuga de contador de referencias de nodo OF\n\nUna revisi\u00f3n automatizada detect\u00f3 una fuga en el contador de referencias de un nodo OF al verificar si el nodo hijo 'leds' existe.\n\nLlamar a of_put_node() para mantener correctamente el contador de referencias."}], "id": "CVE-2026-23081", "lastModified": "2026-03-18T13:44:29.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:18.873", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1f24dfd556401b75f78e8d9cbd94dd9f31411c3a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/79912b256e14054e6ba177d7e7e631485ce23dbe"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Linux kernel: Denial of Service in intel-xway PHY driver due to OF node reference count leakage", "id": "2436832", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436832"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's intel-xway PHY (Physical Layer) driver. This vulnerability involves an improper management of Open Firmware (OF) node reference counts. A local attacker could exploit this by repeatedly triggering a specific condition, leading to resource exhaustion and ultimately a denial of service (DoS) on the system."], "name": "CVE-2026-23081", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23081\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23081\nhttps://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23081-5494@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-17T23:37:19.598585+00:00", "value": {"mitigation_remediation": ["Upgrade to a Linux kernel version that includes the fix, such as any release newer than 6.19\u2011rc6 or any later stable kernel that contains the OF node refcount patch.", "If your environment cannot be updated immediately, obtain the upstream patch from the referenced commit links and apply it to your kernel source tree, then rebuild and install the kernel.", "Monitor kernel logs and memory usage for signs of abnormal resource consumption, and ensure that device access is restricted to trusted users if feasible."], "summary": {"action": "Apply Patch", "impact": "Resource Leak / Potential Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects systems running Linux kernel 6.19, specifically the release candidates 6.19\u2011rc1 through 6.19\u2011rc6. The kernel\u2019s Open Firmware node reference counting in the Intel Xway PHY driver is the component that is impacted.", "description_and_impact": "The flaw exists in the Linux kernel\u2019s Intel Xway PHY driver where an Open Firmware (OF) node\u2019s reference count is incorrectly left incremented when the driver checks for a child \u2018leds\u2019 node. Because the reference is never released, the node remains allocated, leading to a gradual consumption of kernel memory and an increase in resource usage. If the leak continues unchecked, it can cause system instability or a denial\u2011of\u2011service condition. This issue is classified as a resource leak (CWE\u2011772).", "risk_and_exploitability": "According to the supplied CVSS score of 5.5, the severity is moderate. The EPSS score is below 1\u202f%, indicating a very low probability of exploitation as of the last assessment. It is not listed in the CISA KEV catalog, further suggesting that no widespread exploitation has been reported. The likely attack vector is local and requires triggering the driver\u2019s device initialization that performs the flawed \u2018leds\u2019 node check; thus it would be limited to users with kernel or device\u2011driver access. The overall risk remains moderate but likely low for most environments."}}}}, "created": "2026-04-17T23:45:25.810499+00:00", "title": "Kernel Open Firmware Node Reference Count Leak in Intel Xway PHY Driver", "updated": "2026-04-17T23:45:25.810508+00:00", "vendors": []}