Linux Kernel Pinctrl Cirrus Double-Put Vulnerability in CS42L43 Driver

Vulnerability

A vulnerability exists in the Linux kernel's CS42L43 pin control driver, where improper resource handling leads to a double 'put' operation. The 'devm_add_action_or_reset()' function already runs the registered action when it fails, so the driver's additional 'put' on that path is redundant and potentially harmful.

Impact

The vulnerability causes a resource management error by introducing a double 'put' condition, which can lead to undefined behavior in the driver.

Reproduction

The vulnerability can be reproduced by probing the CS42L43 pin control driver in a platform device context. The 'cs42l43_pin_probe' function will incorrectly execute a double 'put' operation on the device's firmware node handle, creating a resource management issue.
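
The error-path pattern described above, modeled in userspace C as an added example; it is not the driver's code or the upstream patch. The names struct node, node_put, model_add_action_or_reset, probe_buggy, probe_fixed and refs_after_probe are hypothetical stand-ins, and the plain integer counter is an assumed simplification of the kernel's reference counting.

```c
/* Userspace model of the double-put pattern; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>

struct node { int refs; };      /* stand-in for a refcounted firmware node handle */

static void node_put(void *data) { ((struct node *)data)->refs--; }

/* Models the contract of devm_add_action_or_reset(): when registration
 * fails, the action has already been run before the error is returned. */
static int model_add_action_or_reset(int fail, void (*action)(void *), void *data)
{
    if (fail) {
        action(data);
        return -ENOMEM;
    }
    return 0;                   /* action deferred to device teardown */
}

static int probe_buggy(struct node *n, int fail)
{
    int ret;
    n->refs++;                  /* probe takes its own reference */
    ret = model_add_action_or_reset(fail, node_put, n);
    if (ret)
        node_put(n);            /* redundant: second put of the same reference */
    return ret;
}

static int probe_fixed(struct node *n, int fail)
{
    n->refs++;
    return model_add_action_or_reset(fail, node_put, n); /* helper already cleaned up */
}

/* Count left after a probe, starting from one reference held elsewhere. */
static int refs_after_probe(int (*probe)(struct node *, int), int fail)
{
    struct node n = { .refs = 1 };
    probe(&n, fail);
    return n.refs;
}

int main(void)
{
    printf("buggy, failed registration: refs=%d\n", refs_after_probe(probe_buggy, 1));
    printf("fixed, failed registration: refs=%d\n", refs_after_probe(probe_fixed, 1));
    return 0;
}
```

In this model the buggy path drops the count to 0 while another holder still expects a valid reference; the fixed path leaves it at 1.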

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Mar 25, 2026, 11:38 AM
Updated: Mar 25, 2026, 11:38 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.