CVE-2026-23314 — Missing Release of Resource after Effective Lifetime in Linux
Severity
5.3MEDIUM
No vectorEPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()
In bq257xx_reg_dt_parse_gpio(), if fails to get subchild, it returns
without calling of_node_put(child), causing the device node reference
leak.
Affected Packages4 packages
▶CVEListV5linux/linux981dd162b63578aee34b5c68795e246734b76d70 — 93b64bef8cd4074806d981ed1b4c38c3ae0542e3+3
🔴Vulnerability Details
3OSV▶
CVE-2026-23314: In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()↗2026-03-25
GHSA▶
GHSA-mv9g-rfx4-jpcr: In the Linux kernel, the following vulnerability has been resolved:
regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()↗2026-03-25