5.5
CVE-2026-45888
- EPSS 0.16%
- Veröffentlicht 27.05.2026 12:16:59
- Zuletzt bearbeitet 25.06.2026 21:13:31
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
md/raid1: fix memory leak in raid1_run()
In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1_run() raid1_run() calls setup_conf() which registers a thread via md_register_thread(). If raid1_set_limits() fails, the previously registered thread is not unregistered, resulting in a memory leak of the md_thread structure and the thread resource itself. Add md_unregister_thread() to the error path to properly cleanup the thread, which aligns with the error handling logic of other paths in this function. Compile tested only. Issue found using a prototype static analysis tool and code review.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.9 < 6.12.75
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.14
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.05 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/c94fd6e8a71efd047ff36930e840f3c25679e136
https://git.kernel.org/stable/c/ec10e3dc93994b87adf7c759a4639fe34013989a
https://git.kernel.org/stable/c/b37588b0282a2b3cdda9db1d53712745ce66dea0
https://git.kernel.org/stable/c/6abc7d5dcf0ee0f85e16e41c87fbd06231f28753