{"id":"CVE-2026-45989","summary":"of: unittest: fix use-after-free in testdrv_probe()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in testdrv_probe()\n\nThe function testdrv_probe() retrieves the device_node from the PCI\ndevice, applies an overlay, and then immediately calls of_node_put(dn).\nThis releases the reference held by the PCI core, potentially freeing\nthe node if the reference count drops to zero. Later, the same freed\npointer 'dn' is passed to of_platform_default_populate(), leading to a\nuse-after-free.\n\nThe reference to pdev-\u003edev.of_node is owned by the device model and\nshould not be released by the driver. Remove the erroneous of_node_put()\nto prevent premature freeing.","modified":"2026-06-18T03:57:31.805057604Z","published":"2026-05-27T12:55:41.276Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45989.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/07fd339b2c253205794bea5d9b4b7548a4546c56"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0ba03e06f037df704d9b032e36d417633e2326bc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5b6122a67a295f8a08b7c18d908a1bd974dfaec8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d68347b07b9801791c9eaab8f772770b52b8cd5c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45989.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45989"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"26409dd045892904b059dc411403e9c8ce7543ca"},{"fixed":"0ba03e06f037df704d9b032e36d417633e2326bc"},{"fixed":"d68347b07b9801791c9eaab8f772770b52b8cd5c"},{"fixed":"5b6122a67a295f8a08b7c18d908a1bd974dfaec8"},{"fixed":"6b2023286d2c6ed3bf964fb92e34c9c14d42eb69"},{"fixed":"07fd339b2c253205794bea5d9b4b7548a4546c56"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45989.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.6.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45989.json"}}],"schema_version":"1.7.5"}