CVE-2026-23030

The foreachavailablechildofnode() calls ofnodeput() to release childnp in each success loop. After breaking from the loop with the childnp has been released, the code will jump to the putchild label and will call the ofnodeput() again if the devmrequestthreaded_irq() fails. These cause a double free bug.

Fix by returning directly to avoid the duplicate ofnodeput().

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23030.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ed2b5a8e6b98d042b323afbe177a5dc618921b31

Fixed

b97b2c9808c9a97e0ce30216fa12096d8b0eaa75

Fixed

ebae26dd15140b840cf65be5e1c0daee949ba70b

Fixed

027d42b97e6eb827c3438ebc09bab7efaee9270d

Fixed

efe92ee7a111fe0f4d75f3ed6b7e3f86322279d5

Fixed

e07dea3de508cd6950c937cec42de7603190e1ca

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23030.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.17.0

Fixed

6.1.162

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.122

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.67

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23030.json"