CVE-2026-23137

of: unittest: Fix memory leak in unittest_data_add()

Assigner: Linux
Reserved: 13.01.2026 Published: 14.02.2026 Updated: 14.02.2026

In the Linux kernel, the following vulnerability has been resolved:

of: unittest: Fix memory leak in unittest_data_add()

In unittest_data_add(), if of_resolve_phandles() fails, the allocated unittest_data is not freed, leading to a memory leak.

Fix this by using scope-based cleanup helper __free(kfree) for automatic resource cleanup. This ensures unittest_data is automatically freed when it goes out of scope in error paths.

For the success path, use retain_and_null_ptr() to transfer ownership of the memory to the device tree and prevent double freeing.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 2eb46da2a760e5764c48b752a5ef320e02b96b21 to f09b0f705bd7197863b90256ef533a6414d1db2c (excl.) affected from 2eb46da2a760e5764c48b752a5ef320e02b96b21 to 235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 2eb46da2a760e5764c48b752a5ef320e02b96b21 to f09b0f705bd7197863b90256ef533a6414d1db2c (excl.)
affected from 2eb46da2a760e5764c48b752a5ef320e02b96b21 to 235a1eb8d2dcc49a6cf0a5ee1aa85544a5d0054b (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 3.18 is affected unaffected from 0 to 3.18 (excl.) unaffected from 6.18.6 to 6.18.* (incl.) unaffected from 6.19 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 3.18 is affected
unaffected from 0 to 3.18 (excl.)
unaffected from 6.18.6 to 6.18.* (incl.)
unaffected from 6.19 to * (incl.)

References

CVE-2026-23137 PUBLISHED

of: unittest: Fix memory leak in unittest_data_add()

Product Status

References