In the Linux kernel, the following vulnerability has been resolved:
of: unittest: fix use-after-free in testdrv_probe()
The function testdrvprobe() retrieves the devicenode from the PCI device, applies an overlay, and then immediately calls ofnodeput(dn). This releases the reference held by the PCI core, potentially freeing the node if the reference count drops to zero. Later, the same freed pointer 'dn' is passed to ofplatformdefault_populate(), leading to a use-after-free.
The reference to pdev->dev.ofnode is owned by the device model and should not be released by the driver. Remove the erroneous ofnode_put() to prevent premature freeing.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45989.json",
"cna_assigner": "Linux"
}