CVE-2026-45950

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 38d80307decc1132626a30e2a62af734630ecca5affected
LinuxLinux7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 4869d0e4e48a5301b267d359b2561c4080791a55affected
LinuxLinux7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 5f2c964a058581e1557c32d5de651c67a80438a7affected
LinuxLinux7467147ef9bf42d1ea5b3314c7a05cd542b3518e < ccb679fdae2e62ed92fd9acb25ed809c0226fcc6affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References