CVE-2026-45959
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
Annotating a local pointer variable, which will be assigned with the
kmalloc-family functions, with the __cleanup(kfree) attribute will
make the address of the local variable, rather than the address returned
by kmalloc, passed to kfree directly and lead to a crash due to invalid
deallocation of stack address. According to other places in the repo,
the correct usage should be __free(kfree). The code coincidentally
compiled because the parameter type void * of kfree is compatible with
the desired type struct { ... } **.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a71475582ada92ba021852bf3c2b40ab3718549b < 9a3ace9b010ffd8c422c97844ae152f7c53d6b18 | affected |
| Linux | Linux | a71475582ada92ba021852bf3c2b40ab3718549b < 90f9090e3e744a8fe3bb6fa0e61f577347728b0b | affected |
| Linux | Linux | a71475582ada92ba021852bf3c2b40ab3718549b < d5abcc33ee76bc26d58b39dc1a097e43a99dd438 | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.18.14 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.4 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9a3ace9b010ffd8c422c97844ae152f7c53d6b18
- https://git.kernel.org/stable/c/90f9090e3e744a8fe3bb6fa0e61f577347728b0b
- https://git.kernel.org/stable/c/d5abcc33ee76bc26d58b39dc1a097e43a99dd438
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.