Description
In the Linux kernel, the following vulnerability has been resolved:

dpll: Prevent duplicate registrations

Modify the internal registration helpers dpll_xa_ref_{dpll,pin}_add()
to reject duplicate registration attempts.

Previously, if a caller attempted to register the same pin multiple
times (with the same ops, priv, and cookie) on the same device, the core
silently increments the reference count and return success. This behavior
is incorrect because if the caller makes these duplicate registrations
then for the first one dpll_pin_registration is allocated and for others
the associated dpll_pin_ref.refcount is incremented. During the first
unregistration the associated dpll_pin_registration is freed and for
others WARN is fired.

Fix this by updating the logic to return `-EEXIST` if a matching
registration is found to enforce a strict "register once" policy.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel resource mismanagement causing WARN messages
Action: Assess Impact
AI Analysis

Impact

The flaw resides in the Linux kernel’s DPLL subsystem, where duplicate attempts to register the same pin with identical operations, private data, and cookie are silently accepted. The first registration creates a pin registration object; each subsequent identical call merely increments a reference count. When the first unregistration releases the object, the remaining references become invalid, causing kernel WARN messages on later unregistrations. The result is inconsistent resource accounting and visible kernel warnings, but no direct crash or code execution path.

Affected Systems

Linux kernel versions that include the buggy DPLL registration logic, specifically kernel 6.19 and its release candidates up to rc6, are affected. All distributions shipping these kernel releases, until the security patch that implements duplicate‑registration rejection is applied, are potentially impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% reflects a very low likelihood of exploitation. The vulnerability is not listed in CISA's KEV catalog, and no public exploits are known. Exploitation would require a local process with privileges sufficient to invoke the DPLL registration API, and the worst outcome would be kernel WARN messages and potential instability rather than remote code execution or privilege escalation.

Generated by OpenCVE AI on April 18, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Linux kernel release that contains the patch rejecting duplicate DPLL pin registrations.
  • Modify any custom kernel modules or drivers that use the DPLL register API to check for a -EEXIST return value and avoid repeating registrations.
  • Configure system monitoring to alert on kernel WARN messages from the DPLL subsystem, enabling early detection of misbehavior.

Generated by OpenCVE AI on April 18, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Tue, 17 Feb 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Sat, 14 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpll_xa_ref_{dpll,pin}_add() to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times (with the same ops, priv, and cookie) on the same device, the core silently increments the reference count and return success. This behavior is incorrect because if the caller makes these duplicate registrations then for the first one dpll_pin_registration is allocated and for others the associated dpll_pin_ref.refcount is incremented. During the first unregistration the associated dpll_pin_registration is freed and for others WARN is fired. Fix this by updating the logic to return `-EEXIST` if a matching registration is found to enforce a strict "register once" policy.
Title dpll: Prevent duplicate registrations
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:09:57.574Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23129

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T15:16:08.173

Modified: 2026-03-18T14:17:11.903

Link: CVE-2026-23129

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23129 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses