8.4
/ 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
of: unittest: fix use-after-free in of_unittest_changeset()
The variable 'parent' is assigned the value of 'nchangeset' earlier in the
function, meaning both point to the same struct device_node. The call to
of_node_put(nchangeset) can decrement the reference count to zero and
free the node if there are no other holders. After that, the code still
uses 'parent' to check for the presence of a property and to read a
string property, leading to a use-after-free.
Fix this by moving the of_node_put() call after the last access to
'parent', avoiding the UAF.
of: unittest: fix use-after-free in of_unittest_changeset()
The variable 'parent' is assigned the value of 'nchangeset' earlier in the
function, meaning both point to the same struct device_node. The call to
of_node_put(nchangeset) can decrement the reference count to zero and
free the node if there are no other holders. After that, the code still
uses 'parent' to check for the presence of a property and to read a
string property, leading to a use-after-free.
Fix this by moving the of_node_put() call after the last access to
'parent', avoiding the UAF.
Basic Information
ID
CVE-2026-46288
Source
Linux
Published
Jun 8, 2026 at 15:41
Modified
Jun 14, 2026 at 04:30
Affected Product
Vendor
Linux
Product
Linux
Version
1c668ea65506e67ce2eae07b69bb09fcdd86e309
Affected Versions
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 6.12
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 1c668ea65506e67ce2eae07b69bb09fcdd86e309
Linux Linux 6.12