CVE-2026-23030 – phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()

CVE ID : CVE-2026-23030

Published : Jan. 31, 2026, 12:16 p.m. | 57 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()

The for_each_available_child_of_node() calls of_node_put() to
release child_np in each success loop. After breaking from the
loop with the child_np has been released, the code will jump to
the put_child label and will call the of_node_put() again if the
devm_request_threaded_irq() fails. These cause a double free bug.

Fix by returning directly to avoid the duplicate of_node_put().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…