Skip to main content

Linux EUVDEUVD-2026-15387

| CVE-2026-23387 HIGH
Double Free (CWE-415)
2026-03-25 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
5.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 18:52 vuln.today
cvss_changed
CVSS changed
Apr 24, 2026 - 18:52 NVD
7.8 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15387
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:28 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()

devm_add_action_or_reset() already invokes the action on failure, so the explicit put causes a double-put.

AnalysisAI

A double-put vulnerability exists in the Linux kernel's pinctrl cirrus cs42l43 driver probe function, where devm_add_action_or_reset() already invokes cleanup on failure but the code explicitly calls put again, causing a double-free condition. This affects Linux kernel versions across multiple stable branches where the cs42l43 pinctrl driver is compiled. The vulnerability could lead to kernel memory corruption and potential denial of service or information disclosure when the driver probe path encounters failure conditions.

Technical ContextAI

The vulnerability resides in the cs42l43_pin_probe() function within the Linux kernel's pinctrl subsystem, specifically in the cirrus cs42l43 codec pin controller driver. The root cause is a resource management error (CWE-672: Operation on a Resource after Expiration) where devm_add_action_or_reset() is a kernel device management function that automatically executes a cleanup action upon device failure or explicit request. When devm_add_action_or_reset() is called with a put function as the action, it takes ownership of calling that put operation on failure. The bug occurs because after calling devm_add_action_or_reset(), the code path contains an explicit put() call that executes regardless, resulting in double-put when the action is already triggered. This is a common pattern error in devm (device-managed) resource handling where developers mistakenly treat devm functions like non-devm versions, double-freeing reference-counted objects. The affected CPE is cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* with impact on stable kernel branches.

RemediationAI

Upgrade the Linux kernel to a version containing one of the referenced stable patches (commits 95b14ecc56881dd9a187e1e84dd0daa88ff22c5d, 188ba3468cb7c098c62609d82e9fc58d29ead7f4, ea07fcfbba4301839db3784f09955d9fa3e98090, 1e0465139fd9caee7ffefe285ef7d5f21919e474, or fd5bed798f45eb3a178ad527b43ab92705faaf8a). Distributions should backport these commits from the stable kernel repository at https://git.kernel.org/stable/. For systems unable to immediately patch, disable the cs42l43 pinctrl driver via CONFIG_PINCTRL_CS42L43=n if the hardware is not required, or restrict hardware access to prevent unintended driver probe scenarios. Monitor kernel logs for probe failures and schedule kernel updates at the next maintenance window.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15387 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy