Bug 2481948 (CVE-2026-45959) - CVE-2026-45959 kernel: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
Summary: CVE-2026-45959 kernel: crypto: ccp - Fix a crash due to incorrect cleanup usa...
Keywords:
Status: NEW
Alias: CVE-2026-45959
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-27 15:03 UTC by OSIDB Bzimport
Modified: 2026-05-27 23:25 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-27 15:03:49 UTC
In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the
kmalloc-family functions, with the `__cleanup(kfree)` attribute will
make the address of the local variable, rather than the address returned
by kmalloc, passed to kfree directly and lead to a crash due to invalid
deallocation of stack address. According to other places in the repo,
the correct usage should be `__free(kfree)`. The code coincidentally
compiled because the parameter type `void *` of kfree is compatible with
the desired type `struct { ... } **`.


Note You need to log in before you can comment on or make changes to this bug.