2439866 – (CVE-2026-23132) CVE-2026-23132 kernel: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind

Bug 2439866 (CVE-2026-23132) - CVE-2026-23132 kernel: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind

Summary: CVE-2026-23132 kernel: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_...

Keywords:
Status:	NEW
Alias:	CVE-2026-23132
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-14 16:02 UTC by OSIDB Bzimport
Modified:	2026-02-16 12:24 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-14 16:02:26 UTC

In the Linux kernel, the following vulnerability has been resolved:

drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind

Fix several issues in dw_dp_bind() error handling:

1. Missing return after drm_bridge_attach() failure - the function
   continued execution instead of returning an error.

2. Resource leak: drm_dp_aux_register() is not a devm function, so
   drm_dp_aux_unregister() must be called on all error paths after
   aux registration succeeds. This affects errors from:
   - drm_bridge_attach()
   - phy_init()
   - devm_add_action_or_reset()
   - platform_get_irq()
   - devm_request_threaded_irq()

3. Bug fix: platform_get_irq() returns the IRQ number or a negative
   error code, but the error path was returning ERR_PTR(ret) instead
   of ERR_PTR(dp->irq).

Use a goto label for cleanup to ensure consistent error handling.

Comment 1 Alexander B 2026-02-16 12:14:39 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021437-CVE-2026-23132-175d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.