Home

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-05-30 | Assigner Linux




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

a71475582ada92ba021852bf3c2b40ab3718549b (git) before 9a3ace9b010ffd8c422c97844ae152f7c53d6b18
affected

a71475582ada92ba021852bf3c2b40ab3718549b (git) before 90f9090e3e744a8fe3bb6fa0e61f577347728b0b
affected

a71475582ada92ba021852bf3c2b40ab3718549b (git) before d5abcc33ee76bc26d58b39dc1a097e43a99dd438
affected

Default status
affected

6.17
affected

Any version before 6.17
unaffected

6.18.14 (semver)
unaffected

6.19.4 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/9a3ace9b010ffd8c422c97844ae152f7c53d6b18

git.kernel.org/...c/90f9090e3e744a8fe3bb6fa0e61f577347728b0b

git.kernel.org/...c/d5abcc33ee76bc26d58b39dc1a097e43a99dd438

cve.org (CVE-2026-45959)

nvd.nist.gov (CVE-2026-45959)

Download JSON