CVE Catalog

CVE-2026-46288

HighCVSS 8.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

A use-after-free vulnerability was found in the Linux kernel's of_unittest_changeset() function. The 'parent' variable points to the same device_node as 'nchangeset', and calling of_node_put(nchangeset) may free memory before the last use of 'parent', causing a use-after-free.

Risk Assessment

This vulnerability can lead to undefined system behavior, including potential privilege escalation or kernel crashes, compromising system stability and security.

Recommendation

Apply the kernel patch immediately, which moves the of_node_put() call after the last access to 'parent'.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of_node_put(nchangeset) can decrement the reference count to zero and free the node if there are no other holders. After that, the code still uses 'parent' to check for the presence of a property and to read a string property, leading to a use-after-free. Fix this by moving the of_node_put() call after the last access to 'parent', avoiding the UAF.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS