{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23283", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:43.316Z", "dateUpdated": "2026-05-11T22:03:52.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:03:52.480Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()\n\nIn fp9931_hwmon_read(), if regmap_read() failed, the function returned\nthe error code without calling pm_runtime_put_autosuspend(), causing\na PM reference leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/fp9931.c"], "versions": [{"version": "12d821bd13d42e6de3ecb1c13918b1f06a3ee213", "lessThan": "ada571018d54c2381bab7c290577114f9667cda7", "status": "affected", "versionType": "git"}, {"version": "12d821bd13d42e6de3ecb1c13918b1f06a3ee213", "lessThan": "0902010c8d163f7b62e655efda1a843529152c7c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/fp9931.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ada571018d54c2381bab7c290577114f9667cda7"}, {"url": "https://git.kernel.org/stable/c/0902010c8d163f7b62e655efda1a843529152c7c"}], "title": "regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()\n\nIn fp9931_hwmon_read(), if regmap_read() failed, the function returned\nthe error code without calling pm_runtime_put_autosuspend(), causing\na PM reference leak."}], "id": "CVE-2026-23283", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:22.957", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0902010c8d163f7b62e655efda1a843529152c7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ada571018d54c2381bab7c290577114f9667cda7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()", "id": "2451264", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451264"}, "csaw": false, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel's `regulator: fp9931` component. This vulnerability occurs when the `fp9931_hwmon_read()` function fails to properly release a power management (PM) runtime reference if a `regmap_read()` operation fails. This oversight can lead to a PM reference leak, potentially causing resource exhaustion and system instability, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23283", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23283\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23283\nhttps://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23283-3d92@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[12d821bd13d42e6de3ecb1c13918b1f06a3ee213,ada571018d54c2381bab7c290577114f9667cda7)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[12d821bd13d42e6de3ecb1c13918b1f06a3ee213,0902010c8d163f7b62e655efda1a843529152c7c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.19"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.19)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T15:20:09.960188+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the fp9931_hwmon_read patch (commit 0902010c8d163f7b62e655efda1a843529152c7c).", "Reboot the system after applying the kernel update to reset any retained power\u2011management references.", "Verify the running kernel version or check the commit history to ensure the patch is present."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in any Linux kernel version that ships the fp9931 regulator driver without the patch commit 0902010c8d163f7b62e655efda1a843529152c7c. Systems that load this driver on a vulnerable kernel are susceptible whenever a hardware\u2011monitor read operation encounters an error.", "description_and_impact": "A defect in the Linux kernel\u2019s fp9931 regulator driver leaks power\u2011management references when a hardware\u2011monitor read fails. The regmap_read error is returned without releasing the pm_runtime put autosuspend reference, causing the reference count to grow. Over time this resource exhaustion can destabilize the power\u2011management subsystem and lead to a denial of service. The underlying weakness is a resource\u2011management flaw classified as CWE\u2011911.", "risk_and_exploitability": "The EPSS score is below 1% and the vulnerability is not listed in CISA\u2019s KEV catalog, indicating a low probability of exploitation. The attack requires an environment where the fp9931 register map read can repeatedly fail, which is most likely achieved by local system compromise or by inducing fault conditions in the hardware. Based on the description, the likely attack vector is local fault injection that forces repeated read errors; without such conditions the risk remains primarily maintenance\u2011related rather than an active attack vector."}}}}, "created": "2026-03-25T21:15:47.375357+00:00", "updated": "2026-03-27T09:50:20.469886+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}