{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23137", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.971Z", "datePublished": "2026-02-14T15:22:22.690Z", "dateUpdated": "2026-05-11T22:00:51.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:00:51.029Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: Fix memory leak in unittest_data_add()\n\nIn unittest_data_add(), if of_resolve_phandles() fails, the allocated\nunittest_data is not freed, leading to a memory leak.\n\nFix this by using scope-based cleanup helper __free(kfree) for automatic\nresource cleanup. This ensures unittest_data is automatically freed when\nit goes out of scope in error paths.\n\nFor the success path, use retain_and_null_ptr() to transfer ownership\nof the memory to the device tree and prevent double freeing."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/of/unittest.c"], "versions": [{"version": "2eb46da2a760e5764c48b752a5ef320e02b96b21", "lessThan": "f09b0f705bd7197863b90256ef533a6414d1db2c", "status": "affected", "versionType": "git"}, {"version": "2eb46da2a760e5764c48b752a5ef320e02b96b21", "lessThan": "235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/of/unittest.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.6", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.18.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f09b0f705bd7197863b90256ef533a6414d1db2c"}, {"url": "https://git.kernel.org/stable/c/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b"}], "title": "of: unittest: Fix memory leak in unittest_data_add()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE21EC83-E3EF-4E6F-862D-1E8DA63CBCD0", "versionEndExcluding": "6.18.6", "versionStartIncluding": "3.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: Fix memory leak in unittest_data_add()\n\nIn unittest_data_add(), if of_resolve_phandles() fails, the allocated\nunittest_data is not freed, leading to a memory leak.\n\nFix this by using scope-based cleanup helper __free(kfree) for automatic\nresource cleanup. This ensures unittest_data is automatically freed when\nit goes out of scope in error paths.\n\nFor the success path, use retain_and_null_ptr() to transfer ownership\nof the memory to the device tree and prevent double freeing."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nof: unittest: Correcci\u00f3n de fuga de memoria en unittest_data_add()\n\nEn unittest_data_add(), si of_resolve_phandles() falla, el unittest_data asignado no se libera, lo que provoca una fuga de memoria.\n\nEsto se soluciona usando un ayudante de limpieza basado en el \u00e1mbito __free(kfree) para la limpieza autom\u00e1tica de recursos. Esto asegura que unittest_data se libera autom\u00e1ticamente cuando sale del \u00e1mbito en rutas de error.\n\nPara la ruta de \u00e9xito, use retain_and_null_ptr() para transferir la propiedad de la memoria al \u00e1rbol de dispositivos y evitar la doble liberaci\u00f3n."}], "id": "CVE-2026-23137", "lastModified": "2026-03-17T21:15:45.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:53.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f09b0f705bd7197863b90256ef533a6414d1db2c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: of: unittest: Fix memory leak in unittest_data_add()", "id": "2439844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439844"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23137", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23137\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23137\nhttps://lore.kernel.org/linux-cve-announce/2026021429-CVE-2026-23137-b77f@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2eb46da2a760e5764c48b752a5ef320e02b96b21,f09b0f705bd7197863b90256ef533a6414d1db2c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2eb46da2a760e5764c48b752a5ef320e02b96b21,235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.6,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-17T19:38:33.795546+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that contains the unittest_data_add memory\u2011leak fix", "If upgrading immediately is not possible, avoid loading or triggering the faulty device tree unit tests that call of_resolve_phandles() until the kernel can be patched", "Restart the system after applying the patch and monitor memory usage to confirm the leak has been eliminated"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "Linux kernel builds that contain the faulty unittest_data_add() implementation, specifically the 6.19 release candidates rc1 through rc4 as indicated by the cpe entries. The issue may also affect other kernels that have not yet received the patch, depending on their inclusion of the same code path.", "description_and_impact": "The vulnerability arises in the Linux kernel unittest_data_add() function, where a failed call to of_resolve_phandles() results in an allocated memory block not being freed. The unreleased memory can accumulate over time, leading to resource exhaustion. While this defect does not allow direct code execution or privilege escalation, the prolonged use of the kernel could degrade system responsiveness or cause failures, effectively creating a denial of service condition.", "risk_and_exploitability": "The CVSS base score of 5.5 denotes moderate severity, and an EPSS score below 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The failure occurs during a kernel path that is typically exercised when device tree bindings are resolved, which is a local scenario requiring privileged execution. Consequently, the primary risk is that a local privileged user could repeatedly trigger the problematic code path, potentially exhausting memory over time. Remote exploitation is unlikely without additional vulnerabilities."}}}}, "created": "2026-02-16T12:01:29.083359+00:00", "updated": "2026-04-17T19:45:25.900094+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}