{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23283", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:43.316Z", "dateUpdated": "2026-03-25T10:26:43.316Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:26:43.316Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()\n\nIn fp9931_hwmon_read(), if regmap_read() failed, the function returned\nthe error code without calling pm_runtime_put_autosuspend(), causing\na PM reference leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/fp9931.c"], "versions": [{"version": "12d821bd13d42e6de3ecb1c13918b1f06a3ee213", "lessThan": "ada571018d54c2381bab7c290577114f9667cda7", "status": "affected", "versionType": "git"}, {"version": "12d821bd13d42e6de3ecb1c13918b1f06a3ee213", "lessThan": "0902010c8d163f7b62e655efda1a843529152c7c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/fp9931.c"], "versions": [{"version": "6.19", "status": "affected"}, {"version": "0", "lessThan": "6.19", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ada571018d54c2381bab7c290577114f9667cda7"}, {"url": "https://git.kernel.org/stable/c/0902010c8d163f7b62e655efda1a843529152c7c"}], "title": "regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()\n\nIn fp9931_hwmon_read(), if regmap_read() failed, the function returned\nthe error code without calling pm_runtime_put_autosuspend(), causing\na PM reference leak."}], "id": "CVE-2026-23283", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:22.957", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0902010c8d163f7b62e655efda1a843529152c7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ada571018d54c2381bab7c290577114f9667cda7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()", "id": "2451264", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451264"}, "csaw": false, "cwe": "CWE-911", "details": ["A flaw was found in the Linux kernel's `regulator: fp9931` component. This vulnerability occurs when the `fp9931_hwmon_read()` function fails to properly release a power management (PM) runtime reference if a `regmap_read()` operation fails. This oversight can lead to a PM reference leak, potentially causing resource exhaustion and system instability, resulting in a Denial of Service (DoS)."], "name": "CVE-2026-23283", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23283\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23283\nhttps://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23283-3d92@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T11:27:59.662592+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the commit 0902010c8d163f7b62e655efda1a843529152c7c or ada571018d54c2381bab7c290577114f9667cda7, which restores proper PM runtime handling in fp9931_hwmon_read().", "If an official kernel update is not yet available, manually apply a patch to fp9931_hwmon_read() so that pm_runtime_put_autosuspend() is called whenever regmap_read() fails, preventing the reference leak.", "After applying the kernel update or patch, reboot the system to activate the new code path.", "Verify the kernel version with uname -r and review the relevant commit logs to confirm the presence of the fix."], "summary": {"action": "Apply Patch", "impact": "Resource Exhaustion / Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel environments that include the regulator driver for FP9931 before the fix commit are potentially affected, regardless of distribution. Because the issue exists in the core kernel code, any Debian, Ubuntu, Red\u202fHat, or other mainstream Linux distribution running a kernel version that predates the commit addresses in this advisory is impacted. No specific sub\u2011version range is listed, so any kernel prior to the patch should be treated as vulnerable.", "description_and_impact": "A runtime reference leak is present in the Linux kernel regulator driver for FP9931; when regmap_read() fails, the function returns without calling pm_runtime_put_autosuspend(), leaving a PM runtime reference unreleased. This leak can gradually consume kernel resources and may lead to degraded performance or an eventual denial of service if the leak repeats frequently. The weakness corresponds to a classic resource leak, allowing exploitation primarily of kernel stability and availability.", "risk_and_exploitability": "The CVSS score is not provided, and EPSS data is unavailable; the flaw is not listed in CISA\u2019s KEV catalog. The weakness is limited to local or privileged access; an attacker must be able to invoke fp9931_hwmon_read(), for example through privileged hardware\u2011monitoring interfaces. Inference suggests the attack vector is local (or requires elevated rights), which reduces the likelihood of remote exploitation but still poses a moderate risk in environments where the hardware monitor is exposed."}}}}, "created": "2026-03-25T21:15:47.375357+00:00", "updated": "2026-03-25T21:15:47.375397+00:00", "vendors": [], "weaknesses": ["CWE-401"]}