CVE-2026-23337

EUVD-2026-15301
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()

In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns
directly. This bypasses the cleanup logic and results in a memory leak of
the cfg buffer.

Fix this by jumping to the out label on failure, ensuring kfree(cfg) is
called before returning.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.164-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-1
fixed
forky
6.19.8-1
fixed
sid
6.19.8-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.74-2
fixed
References
https://git.kernel.org/stable/c/63ee429780a5d43b5b4406c6128109b0f47cf2f1
https://git.kernel.org/stable/c/7a648d598cb8e8c62af3f0e020a25820a3f3a9a7