{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-45989","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.091Z","datePublished":"2026-05-27T12:55:41.276Z","dateUpdated":"2026-06-14T17:46:43.307Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-14T17:46:43.307Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in testdrv_probe()\n\nThe function testdrv_probe() retrieves the device_node from the PCI\ndevice, applies an overlay, and then immediately calls of_node_put(dn).\nThis releases the reference held by the PCI core, potentially freeing\nthe node if the reference count drops to zero. Later, the same freed\npointer 'dn' is passed to of_platform_default_populate(), leading to a\nuse-after-free.\n\nThe reference to pdev->dev.of_node is owned by the device model and\nshould not be released by the driver. Remove the erroneous of_node_put()\nto prevent premature freeing."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/of/unittest.c"],"versions":[{"version":"26409dd045892904b059dc411403e9c8ce7543ca","lessThan":"0ba03e06f037df704d9b032e36d417633e2326bc","status":"affected","versionType":"git"},{"version":"26409dd045892904b059dc411403e9c8ce7543ca","lessThan":"d68347b07b9801791c9eaab8f772770b52b8cd5c","status":"affected","versionType":"git"},{"version":"26409dd045892904b059dc411403e9c8ce7543ca","lessThan":"5b6122a67a295f8a08b7c18d908a1bd974dfaec8","status":"affected","versionType":"git"},{"version":"26409dd045892904b059dc411403e9c8ce7543ca","lessThan":"6b2023286d2c6ed3bf964fb92e34c9c14d42eb69","status":"affected","versionType":"git"},{"version":"26409dd045892904b059dc411403e9c8ce7543ca","lessThan":"07fd339b2c253205794bea5d9b4b7548a4546c56","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/of/unittest.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.140"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.27"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"7.0.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ba03e06f037df704d9b032e36d417633e2326bc"},{"url":"https://git.kernel.org/stable/c/d68347b07b9801791c9eaab8f772770b52b8cd5c"},{"url":"https://git.kernel.org/stable/c/5b6122a67a295f8a08b7c18d908a1bd974dfaec8"},{"url":"https://git.kernel.org/stable/c/6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"},{"url":"https://git.kernel.org/stable/c/07fd339b2c253205794bea5d9b4b7548a4546c56"}],"title":"of: unittest: fix use-after-free in testdrv_probe()","x_generator":{"engine":"bippy-1.2.0"}}}}