CVE-2026-45959

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the __cleanup(kfree) attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be __free(kfree). The code coincidentally compiled because the parameter type void * of kfree is compatible with the desired type struct { ... } **.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa71475582ada92ba021852bf3c2b40ab3718549b < 9a3ace9b010ffd8c422c97844ae152f7c53d6b18affected
LinuxLinuxa71475582ada92ba021852bf3c2b40ab3718549b < 90f9090e3e744a8fe3bb6fa0e61f577347728b0baffected
LinuxLinuxa71475582ada92ba021852bf3c2b40ab3718549b < d5abcc33ee76bc26d58b39dc1a097e43a99dd438affected
LinuxLinux6.17affected
LinuxLinux0 < 6.17unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References