CVE-2026-23387

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the pinctrl subsystem, specifically in the cirrus driver related to the cs42l43 component. A double-put operation exists in the cs42l43 pin probe() function due to devm add action or reset() already invoking the action on failure, leading to an unnecessary and problematic explicit put.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

CVE-2026-23387

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

Affected Products

Linux Kernel

Cs42L43

CVE-2026-23387

Weakness Enumeration

Related Identifiers

Affected Products

References · 19