CVE-2026-23337 — Missing Release of Resource after Effective Lifetime in Linux
Severity: 7.2 HIGH, GHSA, no vector
EPSS: 0.0% (top 93.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 25
Latest update: Apr 1
Description
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()
In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns
directly. This bypasses the cleanup logic and results in a memory leak of
the cfg buffer.
Fix this by jumping to the out label on failure, ensuring kfree(cfg) is
called before returning.
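The control-flow difference described above, reduced to a user-space C model. This is an added example, not the kernel's code: cfg_alloc(), cfg_free(), parse_cfg(), the two parse_config_*() functions and the allocation counter are hypothetical stand-ins for the allocation of cfg, kfree(cfg), parse_dt_cfg() and pinconf_generic_parse_dt_config().

```c
#include <errno.h>
#include <stdlib.h>

static int live_bufs;            /* cfg buffers allocated and not yet freed */
static unsigned long *last_buf;  /* latest buffer, so a harness can release a leaked one */
static unsigned long *cfg_alloc(void)
{
    unsigned long *p = last_buf = calloc(8, sizeof(*p));
    live_bufs += (p != NULL);
    return p;
}
static void cfg_free(unsigned long *p) { live_bufs -= (p != NULL); free(p); }
static int outstanding(void) { return live_bufs; }

/* Hypothetical stand-in for parse_dt_cfg(): fails on bad (constructed) input. */
static int parse_cfg(int bad, unsigned long *cfg)
{
    cfg[0] = 1;
    return bad ? -EINVAL : 0;
}

/* Shape before the fix: the error return bypasses the cleanup. */
static int parse_config_leaky(int bad)
{
    unsigned long *cfg = cfg_alloc();
    int ret;
    if (!cfg)
        return -ENOMEM;
    ret = parse_cfg(bad, cfg);
    if (ret)
        return ret;              /* cfg is still allocated on this path */
    cfg_free(cfg);
    return 0;
}

/* Shape after the fix: every exit after the allocation goes through out. */
static int parse_config_fixed(int bad)
{
    unsigned long *cfg = cfg_alloc();
    int ret;
    if (!cfg)
        return -ENOMEM;
    ret = parse_cfg(bad, cfg);
    if (ret)
        goto out;                /* failure takes the same cleanup path as success */
out:
    cfg_free(cfg);
    return ret;
}
```

Each failing call to parse_config_leaky() raises outstanding() by one, while parse_config_fixed() returns the same error code and leaves the count unchanged.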
Affected Packages: 7 packages
CVEListV5: linux/linux, 90a18c512884adb49ddc2fb30e94594169aae808 — 63ee429780a5d43b5b4406c6128109b0f47cf2f1 (+2)
Vulnerability Details (4)
OSV: CVE-2026-23337 (2026-03-25)
GHSA: GHSA-5599-vj49-3fh3 (2026-03-25)
Vendor Advisories (3)
Red Hat
Debian: CVE-2026-23337 (linux), 2026
Threat Intelligence (1)
Community (1)
Bugzilla: CVE-2026-4800 lodash: lodash: Arbitrary code execution via untrusted input in template imports (2026-03-31)