CVE-2026-45922 PUBLISHED

RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler

The UVERBS_HANDLER(MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH) function allocates memory for the device path using kobject_get_path(). If the length of the device path exceeds the output buffer length, the function returns -ENOSPC but does not free the allocated memory, resulting in a memory leak.

Add a kfree() call to the error path to ensure the allocated memory is properly freed.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from ec7ad6530909983c8736c80af46e3529ce7bab55 to ee998cdbff6680891b0efd9d6ce53a388e5342c3 (excl.)
  • affected from ec7ad6530909983c8736c80af46e3529ce7bab55 to b2bc649c18fbe8a7fd38d17266da3dcbfbcc44d2 (excl.)
  • affected from ec7ad6530909983c8736c80af46e3529ce7bab55 to b3a10eca24fcfe913c0875e620f19596001bd6dc (excl.)
  • affected from ec7ad6530909983c8736c80af46e3529ce7bab55 to 9b9d253908478f504297ac283c514e5953ddafa6 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.12 is affected
  • unaffected from 0 to 6.12 (excl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.14 to 6.18.* (incl.)
  • unaffected from 6.19.4 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References