CVE-2026-23387
Published: 25 March 2026
Summary
CVE-2026-23387 is a high-severity Double Free (CWE-415) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 3.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely remediation of the double-free flaw in the cs42l43 kernel driver through application of the specified stable kernel patches.
- RA-5 (Vulnerability Monitoring and Scanning): enables ongoing vulnerability scanning and monitoring to identify the CVE-2026-23387 kernel driver flaw for prompt patching.
- Memory protection: provides memory protection safeguards that mitigate potential arbitrary code execution from exploitation of the double-free error.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel double-free (CWE-415) in the driver probe path directly enables local arbitrary code execution from a low-privileged account, which maps to Exploitation for Privilege Escalation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()

devm_add_action_or_reset() already invokes the action on failure, so the explicit put causes a double-put.
Deeper analysis
CVE-2026-23387 is a vulnerability in the Linux kernel's pinctrl cirrus cs42l43 driver, where cs42l43_pin_probe() performs a double-put of a resource. This occurs because devm_add_action_or_reset() already invokes the release action on failure, rendering the explicit put redundant and triggering a double-put, classified under CWE-415 (Double Free). The issue was published on 2026-03-25 and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact disruption to confidentiality, integrity, and availability, potentially leading to arbitrary code execution or system crashes via the double-free error in the driver.
Mitigation is provided through kernel patches in the stable repository, including commits such as 188ba3468cb7c098c62609d82e9fc58d29ead7f4, 1e0465139fd9caee7ffefe285ef7d5f21919e474, 95b14ecc56881dd9a187e1e84dd0daa88ff22c5d, ea07fcfbba4301839db3784f09955d9fa3e98090, and fd5bed798f45eb3a178ad527b43ab92705faaf8a, which resolve the double-put by adjusting the probe function logic. Security practitioners should update affected Linux kernel installations to versions incorporating these fixes.
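To make the ownership rule the fix restores concrete, here is an added user-space model, not the kernel's or the cs42l43 driver's code: devm_add_action_or_reset() is mocked with the real helper's contract (on registration failure it runs the release action itself and returns the error), and the buggy and fixed probe shapes are run against a constructed refcounted object that flags a put on an already released resource.

```c
/* Constructed user-space model of the devm_add_action_or_reset() contract
 * behind CVE-2026-23387; the kernel API is mocked, this is not driver code. */
#include <errno.h>

struct res { int refs; int underflow; };   /* stand-in for the driver's resource */

static void res_put(void *data)
{
    struct res *r = data;
    if (r->refs <= 0)
        r->underflow = 1;   /* a put on an already released object: the bug */
    else
        r->refs--;
}

/* Mock of devm_add_action_or_reset(): on registration failure it runs the
 * release action itself and returns the error, like the kernel helper does. */
static int devm_add_action_or_reset_mock(int fail, void (*action)(void *), void *data)
{
    if (fail) {
        action(data);
        return -ENOMEM;
    }
    return 0;
}

/* Buggy probe shape: an extra explicit put on the failure path.
 * Returns 1 when the object was put twice, 0 otherwise. */
static int probe_buggy(int fail)
{
    struct res r = { 1, 0 };
    if (devm_add_action_or_reset_mock(fail, res_put, &r))
        res_put(&r);            /* the helper already did this: double-put */
    return r.underflow;
}

/* Fixed probe shape: propagate the error and leave the single put to the
 * helper. Returns 1 when the object was put twice, 0 otherwise. */
static int probe_fixed(int fail)
{
    struct res r = { 1, 0 };
    if (devm_add_action_or_reset_mock(fail, res_put, &r))
        return r.underflow;     /* helper released it once (refs is 0); no extra put */
    return r.underflow;
}
```

With the registration forced to fail, probe_buggy(1) reports the second put on the released object while probe_fixed(1) does not; with registration succeeding, neither shape releases the object at all, since that is left to the devres teardown.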
Details
- CWE(s)