Back to CVE List

CVE-2026-45959

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.8 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the
kmalloc-family functions, with the `__cleanup(kfree)` attribute will
make the address of the local variable, rather than the address returned
by kmalloc, passed to kfree directly and lead to a crash due to invalid
deallocation of stack address. According to other places in the repo,
the correct usage should be `__free(kfree)`. The code coincidentally
compiled because the parameter type `void *` of kfree is compatible with
the desired type `struct { ... } **`.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux

External References

Discussion (0)

Add Comment

No comments yet. Be the first!