CVE-2026-45928 PUBLISHED

media: chips-media: wave5: Fix memory leak on codec_info allocation failure

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix memory leak on codec_info allocation failure

In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak.

Fix this by calling kfree() on the instance in this error path to ensure it is properly released.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 9707a6254a8a6b978bde811a44fe07d86c229d1c to 52defdd4034db1a34bb48006f889d66a3629224b (excl.) affected from 9707a6254a8a6b978bde811a44fe07d86c229d1c to 1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495 (excl.) affected from 9707a6254a8a6b978bde811a44fe07d86c229d1c to 32e9e45cf7e3422d21fa64535588d3572faf71c3 (excl.) affected from 9707a6254a8a6b978bde811a44fe07d86c229d1c to a519e21e32398459ba357e67b541402f7295ee1b (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.8 is affected unaffected from 0 to 6.8 (excl.) unaffected from 6.12.75 to 6.12.* (incl.) unaffected from 6.18.14 to 6.18.* (incl.) unaffected from 6.19.4 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-45928 PUBLISHED

media: chips-media: wave5: Fix memory leak on codec_info allocation failure

Product Status

References