CVE-2026-45959 PUBLISHED

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the __cleanup(kfree) attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be __free(kfree). The code coincidentally compiled because the parameter type void * of kfree is compatible with the desired type struct { ... } **.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from a71475582ada92ba021852bf3c2b40ab3718549b to 9a3ace9b010ffd8c422c97844ae152f7c53d6b18 (excl.)
  • affected from a71475582ada92ba021852bf3c2b40ab3718549b to 90f9090e3e744a8fe3bb6fa0e61f577347728b0b (excl.)
  • affected from a71475582ada92ba021852bf3c2b40ab3718549b to d5abcc33ee76bc26d58b39dc1a097e43a99dd438 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.17 is affected
  • unaffected from 0 to 6.17 (excl.)
  • unaffected from 6.18.14 to 6.18.* (incl.)
  • unaffected from 6.19.4 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References