CVE-2026-45950

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review.

Vendor	Product	Versions
Linux	Linux	affected `7467147ef9bf42d1ea5b3314c7a05cd542b3518e - < 38d80307decc1132626a30e2a62af734630ecca5` affected `7467147ef9bf42d1ea5b3314c7a05cd542b3518e - < 4869d0e4e48a5301b267d359b2561c4080791a55` affected `7467147ef9bf42d1ea5b3314c7a05cd542b3518e - < 5f2c964a058581e1557c32d5de651c67a80438a7` affected `7467147ef9bf42d1ea5b3314c7a05cd542b3518e - < ccb679fdae2e62ed92fd9acb25ed809c0226fcc6`
Linux	Linux	affected `6.10` unaffected `0 - < 6.10` unaffected `6.12.75 - <= 6.12.` unaffected `6.18.14 - <= 6.18.` unaffected `6.19.4 - <= 6.19.*` +1 more versions

References

https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5

https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55

https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7

https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-45950

Description

Affected Products

References