CVE-2026-45950
published 2026-05-27CVE-2026-45950: In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The…
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()
The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.
Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.
Compile tested only. Issue found using a prototype static analysis tool
and code review.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux | — | — |
| linux | linux | >= 7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 38d80307decc1132626a30e2a62af734630ecca5 | 38d80307decc1132626a30e2a62af734630ecca5 |
| linux | linux | >= 7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 4869d0e4e48a5301b267d359b2561c4080791a55 | 4869d0e4e48a5301b267d359b2561c4080791a55 |
| linux | linux | >= 7467147ef9bf42d1ea5b3314c7a05cd542b3518e < 5f2c964a058581e1557c32d5de651c67a80438a7 | 5f2c964a058581e1557c32d5de651c67a80438a7 |
| linux | linux | >= 7467147ef9bf42d1ea5b3314c7a05cd542b3518e < ccb679fdae2e62ed92fd9acb25ed809c0226fcc6 | ccb679fdae2e62ed92fd9acb25ed809c0226fcc6 |
| linux | linux_kernel | — | — |