CVE-2026-45950 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-27 | Assigner Linux

Product status

Default status

unaffected

7467147ef9bf42d1ea5b3314c7a05cd542b3518e (git) before 38d80307decc1132626a30e2a62af734630ecca5

affected

7467147ef9bf42d1ea5b3314c7a05cd542b3518e (git) before 4869d0e4e48a5301b267d359b2561c4080791a55

affected

7467147ef9bf42d1ea5b3314c7a05cd542b3518e (git) before 5f2c964a058581e1557c32d5de651c67a80438a7

affected

7467147ef9bf42d1ea5b3314c7a05cd542b3518e (git) before ccb679fdae2e62ed92fd9acb25ed809c0226fcc6

affected

Default status

affected

6.10

affected

Any version before 6.10

unaffected

6.12.75 (semver)

unaffected

6.18.14 (semver)

unaffected

6.19.4 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/38d80307decc1132626a30e2a62af734630ecca5

git.kernel.org/...c/4869d0e4e48a5301b267d359b2561c4080791a55

git.kernel.org/...c/5f2c964a058581e1557c32d5de651c67a80438a7

git.kernel.org/...c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6

cve.org (CVE-2026-45950)

nvd.nist.gov (CVE-2026-45950)

Download JSON

help @ threatint.eu