216.73.217.22

CVE-2026-45989

· Published 27/05/2026 16:17 · Modified 27/05/2026 14:48 · Author: The MITRE Corporation

Labels: CVE-2026-45989 2026-05-27416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2026-45989

Essential information

Published
27/05/2026 16:17
Modified
27/05/2026 14:48
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.8 HIGH (v3.1)
CISA KEV
No
CWE
CWE-416
EPSS (First)
P9.9% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00200)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to of_platform_default_populate(), leading to a use-after-free. The reference to pdev->dev.of_node is owned by the device model and should not be released by the driver. Remove the erroneous of_node_put() to prevent premature freeing.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux cpe:2.3:o:linux:linux:*:*:*:*:*:*:*:*

References