Bug 2482062 (CVE-2026-45950) - CVE-2026-45950 kernel: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()
Summary: CVE-2026-45950 kernel: crypto: starfive - Fix memory leak in starfive_aes_aea...
Keywords:
Status: NEW
Alias: CVE-2026-45950
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-27 15:09 UTC by OSIDB Bzimport
Modified: 2026-05-27 23:50 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-27 15:09:29 UTC
In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.


Note You need to log in before you can comment on or make changes to this bug.