In the Linux kernel, the following vulnerability has been resolved:
pinctrl: single: fix refcount leak in pcsaddgpio_func()
ofparsephandlewithargs() returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a refcount leak on each iteration.
Add ofnodeput() calls to release the reference after extracting the needed arguments and on the error path when devm_kzalloc() fails.
This bug was detected by our static analysis tool and verified by my code review.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45868.json",
"cna_assigner": "Linux"
}