CVE-2026-45926 Linux CVE debrief

Who should care

Linux kernel maintainers, embedded systems developers using PWM functionality, organizations running custom kernel builds with Rust support, and security teams tracking kernel memory safety issues.

Technical summary

The vulnerability is located in the Rust bindings for the Linux kernel PWM subsystem. The `pwmchip_alloc()` function allocates a PWM chip structure with an initial reference count. The `__pinned_init()` function performs additional initialization. If this initialization fails, the original error path did not decrement the reference count via `pwmchip_put()`, causing the allocated memory to leak. The fix adds the missing `pwmchip_put()` call to the error path, ensuring proper resource cleanup regardless of initialization success or failure.

Defensive priority

medium

Recommended defensive actions

• Review and apply the referenced kernel commits to affected systems
• Verify Rust PWM subsystem is updated in custom kernel builds
• Monitor kernel stable releases for backported fixes
• Audit error handling paths in Rust kernel code for similar patterns

Evidence notes

The vulnerability description indicates this is a memory leak in error handling paths within the Rust PWM subsystem. The fix ensures that `pwmchip_put()` is called when `__pinned_init()` fails, properly releasing the reference obtained during `pwmchip_alloc()`. Two kernel commits are referenced as resolution sources.

Official resources