{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23314", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.994Z", "datePublished": "2026-03-25T10:27:09.383Z", "dateUpdated": "2026-03-25T10:27:09.383Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:09.383Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()\n\nIn bq257xx_reg_dt_parse_gpio(), if fails to get subchild, it returns\nwithout calling of_node_put(child), causing the device node reference\nleak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/bq257xx-regulator.c"], "versions": [{"version": "981dd162b63578aee34b5c68795e246734b76d70", "lessThan": "93b64bef8cd4074806d981ed1b4c38c3ae0542e3", "status": "affected", "versionType": "git"}, {"version": "981dd162b63578aee34b5c68795e246734b76d70", "lessThan": "aba54a5a113667df9d339f4192650f6bc27e9d1f", "status": "affected", "versionType": "git"}, {"version": "981dd162b63578aee34b5c68795e246734b76d70", "lessThan": "4baaddaa44af01cd4ce239493060738fd0881835", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/regulator/bq257xx-regulator.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/93b64bef8cd4074806d981ed1b4c38c3ae0542e3"}, {"url": "https://git.kernel.org/stable/c/aba54a5a113667df9d339f4192650f6bc27e9d1f"}, {"url": "https://git.kernel.org/stable/c/4baaddaa44af01cd4ce239493060738fd0881835"}], "title": "regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()\n\nIn bq257xx_reg_dt_parse_gpio(), if fails to get subchild, it returns\nwithout calling of_node_put(child), causing the device node reference\nleak."}], "id": "CVE-2026-23314", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:27.767", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4baaddaa44af01cd4ce239493060738fd0881835"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/93b64bef8cd4074806d981ed1b4c38c3ae0542e3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/aba54a5a113667df9d339f4192650f6bc27e9d1f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()", "id": "2451211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451211"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel, specifically within the `regulator: bq257xx` subsystem. This vulnerability, a device node reference leak, occurs when the `bq257xx_reg_dt_parse_gpio()` function fails to properly manage system resources. An attacker could potentially exploit this to cause a denial of service (DoS), making the system unresponsive."], "name": "CVE-2026-23314", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23314\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23314\nhttps://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23314-166c@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-03-25T11:47:22.395909+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the commit 4baaddaa44af01cd4ce239493060738fd0881835, 93b64bef8cd4074806d981ed1b4c38c3ae0542e3, or aba54a5a113667df9d339f4192650f6bc27e9d1f that implements the fix", "Verify the kernel change log or vendor release notes for confirmation that the bq257xx_reg_dt_parse_gpio() reference leak has been resolved", "If an update is not immediately possible, monitor system logs for repeated DT parsing errors and consider disabling the bq257xx regulator driver if it is not critical for your system"], "summary": {"action": "Apply Patch", "impact": "Denial of Service via resource exhaustion"}, "threat_synthesis": {"affected_systems": "Any systems running a Linux kernel that includes the bq257xx regulator driver are potentially impacted. The vendor/product description lists the Linux kernel broadly, with no specific version constraint provided in the data. Distributions that ship the affected kernel source are likely affected until they incorporate the patch.", "description_and_impact": "The bug resides in the Linux kernel\u2019s bq257xx regulator driver, where a failure to obtain a subchild node in the DT parsing routine leads to a missing reference count decrement. This oversight causes a device node reference leak that can accumulate over time, potentially exhausting kernel memory and degrading system availability. The problem does not provide direct code execution capabilities but may result in a denial\u2011of\u2011service condition if the leak is significant or repeated.", "risk_and_exploitability": "The vulnerability\u2019s severity is limited to a local or privileged attacker, as it originates in kernel space. No CVSS score or EPSS probability is supplied, and the issue is not flagged in the CISA KEV catalog, indicating a lower public exploitation risk. The primary risk is a gradual memory exhaustion, which can be mitigated by applying the kernel update that addresses the reference leak."}}}}, "created": "2026-03-25T21:15:15.231127+00:00", "updated": "2026-03-25T21:15:15.231172+00:00", "vendors": []}