PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45925 Linux CVE debrief

A reference-count leak in the Linux kernel's thermal subsystem leaves device-tree node references unreleased on affected systems and, over time, can contribute to memory that is never reclaimed. The bug is in thermal_of_cm_lookup(), where a device_node obtained via of_parse_phandle() was never released with of_node_put(). The fix declares that variable with the __free(device_node) cleanup attribute so the reference is dropped automatically when it goes out of scope. The issue is local and needs no authentication to exist, but the affected lookup runs when thermal zones are bound to cooling devices from device-tree cooling maps, which happens at driver probe or cooling-device registration rather than on demand from user space. No CVSS score has been assigned; a leaked node reference is a resource-accounting defect, not a memory-corruption primitive. Multiple stable kernel branches have received patches. No evidence of active exploitation or ransomware use has been reported.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Administrators of device-tree-based Linux systems (typically ARM and embedded boards, where CONFIG_THERMAL_OF describes thermal zones and cooling maps in the device tree); kernel maintainers backporting stable patches; security teams tracking kernel memory integrity. Systems whose thermal zones come from ACPI rather than the device tree do not reach this function.

Technical summary

thermal_of_cm_lookup() in drivers/thermal/thermal_of.c walks the child nodes of a thermal zone's cooling-maps node looking for the map whose "trip" phandle matches the trip being bound. For each child it calls of_parse_phandle(child, "trip", 0), which returns the referenced node with its reference count already incremented, and stores the result in tr_np. The original code compared tr_np against the trip's own node (trip->priv) and then either continued to the next child or went on to use the map, without ever calling of_node_put(), so one reference leaked per child visited. The fix declares tr_np with the __free(device_node) cleanup attribute, the kernel's scope-based cleanup helper from linux/cleanup.h that calls of_node_put() on every scope exit, so the reference is released on the continue path, the match path and any early return alike. The consequence is a reference-count imbalance rather than corruption: a leaked device_node reference keeps that node alive indefinitely. Two caveats bound the practical impact. First, of_node_get() and of_node_put() are no-ops unless CONFIG_OF_DYNAMIC is enabled, so kernels without dynamic device-tree support see no effect at all; with it, the leaked nodes simply are never freed when an overlay that contained them is removed. Second, the lookup frequency is bounded by how often thermal zones and cooling devices are registered and bound, which is normally at probe time, so the code path needs no special privilege to exist but is not something an unprivileged user can drive repeatedly.
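To make the leak and the effect of the fix concrete, the following is an added user-space model written for this debrief; it is not kernel code and not the upstream patch. It mocks struct device_node, of_node_get()/of_node_put() and of_parse_phandle() with a plain counter (the real kernel uses a kref, and both helpers are no-ops without CONFIG_OF_DYNAMIC), represents the cooling-maps children as an array instead of the kernel's child-node iterator, and reimplements __free(device_node) as the same compiler cleanup attribute the kernel's DEFINE_FREE() uses. The cooling map with three entries pointing at two trip nodes is constructed for the example. The pre-fix loop leaks one reference per child visited; the fixed loop leaves the counts unchanged.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the kernel's struct device_node; a plain counter
 * replaces the kobject kref, which is enough to observe the leak. */
struct device_node {
	const char *name;
	int refcount;
	struct device_node *trip_target; /* node named by this child's "trip" phandle */
};

struct thermal_trip {
	struct device_node *priv; /* thermal_of keeps the trip's DT node here */
};

/* Mocks of of_node_get()/of_node_put(), behaving as on a CONFIG_OF_DYNAMIC kernel. */
static struct device_node *of_node_get(struct device_node *np)
{
	if (np)
		np->refcount++;
	return np;
}

static void of_node_put(struct device_node *np)
{
	if (np)
		np->refcount--;
}

/* Mock of of_parse_phandle(): like the real one it returns the target node
 * with a reference already taken, so the caller owes one of_node_put(). */
static struct device_node *of_parse_phandle(const struct device_node *np,
					    const char *prop, int index)
{
	if (!np || index != 0 || strcmp(prop, "trip") != 0)
		return NULL;
	return of_node_get(np->trip_target);
}

/* Equivalent of __free(device_node): DEFINE_FREE() in linux/cleanup.h wraps
 * of_node_put() in a compiler cleanup attribute that fires on scope exit. */
static void device_node_cleanup(struct device_node **npp)
{
	of_node_put(*npp);
}
#define __free_device_node __attribute__((cleanup(device_node_cleanup)))

typedef int (*cm_lookup_fn)(struct device_node *const *children, size_t n,
			    const struct thermal_trip *trip);

/* Pre-fix shape of the loop: the reference returned by of_parse_phandle()
 * is dropped on the floor both on 'continue' and on the match path. */
static int cm_lookup_leaky(struct device_node *const *children, size_t n,
			   const struct thermal_trip *trip)
{
	for (size_t i = 0; i < n; i++) {
		struct device_node *tr_np = of_parse_phandle(children[i], "trip", 0);

		if (tr_np != trip->priv)
			continue; /* leaked: no of_node_put(tr_np) */
		return 0;         /* matched: reference leaked here too */
	}
	return -1;
}

/* Post-fix shape: the cleanup attribute releases tr_np on every exit from
 * the loop-body scope, including 'continue' and 'return'. */
static int cm_lookup_fixed(struct device_node *const *children, size_t n,
			   const struct thermal_trip *trip)
{
	for (size_t i = 0; i < n; i++) {
		struct device_node *tr_np __free_device_node =
			of_parse_phandle(children[i], "trip", 0);

		if (tr_np != trip->priv)
			continue;
		return 0;
	}
	return -1;
}

/* Run one lookup over the constructed three-entry map (two trip nodes) and
 * return the net change in the trip nodes' reference counts: 0 when every
 * reference is released, +1 for each leaked one. */
static int refcount_delta(cm_lookup_fn lookup)
{
	struct device_node trip0 = { "trip0", 1, NULL };
	struct device_node trip1 = { "trip1", 1, NULL };
	struct device_node map0 = { "map0", 1, &trip0 };
	struct device_node map1 = { "map1", 1, &trip1 };
	struct device_node map2 = { "map2", 1, &trip1 };
	struct device_node *const children[] = { &map0, &map1, &map2 };
	const struct thermal_trip trip = { .priv = &trip1 };
	int before = trip0.refcount + trip1.refcount;

	lookup(children, 3, &trip);
	return (trip0.refcount + trip1.refcount) - before;
}

int main(void)
{
	printf("leaky lookup: net refcount change %d\n", refcount_delta(cm_lookup_leaky));
	printf("fixed lookup: net refcount change %d\n", refcount_delta(cm_lookup_fixed));
	return 0;
}
```

The leaky variant visits map0 (mismatch, one reference leaked) and map1 (match, another leaked) for a net change of 2; the fixed variant visits the same two children and ends at 0. The same scope-exit behaviour is what makes __free() safer than a hand-placed of_node_put(), which has to be repeated on every exit path.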

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the referenced stable commits; for custom or vendor kernels, confirm that thermal_of_cm_lookup() in drivers/thermal/thermal_of.c either declares tr_np with __free(device_node) or calls of_node_put() on every exit path
  • Monitor NVD for CVSS assignment and CPE criteria to refine prioritization
  • Scope the exposure before spending effort: the function only exists on device-tree kernels built with CONFIG_THERMAL_OF, and of_node_put() is a no-op unless CONFIG_OF_DYNAMIC is enabled, so a kernel without both options is not affected by the leak in practice
  • Do not rely on memory-usage monitoring as a detection heuristic: a leaked device_node reference shows up as a node that is never freed when a device-tree overlay is removed, not as measurable memory growth, so verifying the patched code is the reliable check

Evidence notes

The vulnerability description confirms a reference leak in thermal_of_cm_lookup() where tr_np from of_parse_phandle() was never released. The resolution uses the __free(device_node) cleanup attribute for automatic release. Four stable kernel commits are referenced, indicating backports to multiple supported branches. The CVE was published 2026-05-27 and modified same day. NVD status is 'Awaiting Analysis' with no CVSS vector or CPE criteria assigned. No KEV entry exists.

Official resources

2026-05-27