CVE-2026-45925

high

Description

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermal_of_cm_lookup() In thermal_of_cm_lookup(), tr_np is obtained via of_parse_phandle(), but never released. Use the __free(device_node) cleanup attribute to automatically release the node and fix the leak. [ rjw: Changelog edits ]

References

https://git.kernel.org/stable/c/a1fe789a96fe47733c133134fd264cb7ca832395

https://git.kernel.org/stable/c/8af710156c53cdb392d529497ef2b3a10a1f9370

https://git.kernel.org/stable/c/8344d5da9df74fdbef676214d0c482fc822a01ca

https://git.kernel.org/stable/c/025796ccd7f9f2e013e12319de26b6c021a80c1f

Details

Source: Mitre, NVD

Published: 2026-05-27

Updated: 2026-05-27

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00018