Main Vulnerability Database SB20260325146

SB20260325146 - Incorrect Control Flow Scoping in Linux kernel regulator driver

Published: March 25, 2026

Security Bulletin ID SB20260325146

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect Control Flow Scoping (CVE-ID: CVE-2026-23314)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper resource management in the bq257xx_reg_dt_parse_gpio() function when processing device tree GPIO configurations. A local user can trigger a device node reference leak to cause a denial of service.

Exploitation requires access to the kernel subsystem managing regulator devices via device tree parsing.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/4baaddaa44af01cd4ce239493060738fd0881835
https://git.kernel.org/stable/c/93b64bef8cd4074806d981ed1b4c38c3ae0542e3
https://git.kernel.org/stable/c/aba54a5a113667df9d339f4192650f6bc27e9d1f