Detections
Analytics

CVE-2026-45950

medium

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review.

References

https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6

https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7

https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55

https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5

Details

Source: Mitre, NVD

Published: 2026-05-27

Updated: 2026-05-27

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C

Severity: High

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00018