5.5

CVE-2026-45950

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.10 < 6.12.75
LinuxLinux Kernel Version >= 6.13 < 6.18.14
LinuxLinux Kernel Version >= 6.19 < 6.19.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5
Patch
https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55
Patch
https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7
Patch
https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6
Patch