CVE-2026-45888

Source
https://cve.org/CVERecord?id=CVE-2026-45888
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45888.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45888
Downstream
Published
2026-05-27T12:16:59.751Z
Modified
2026-07-15T01:49:06.581063716Z
Summary
md/raid1: fix memory leak in raid1_run()
Details

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: fix memory leak in raid1_run()

raid1run() calls setupconf() which registers a thread via mdregisterthread(). If raid1setlimits() fails, the previously registered thread is not unregistered, resulting in a memory leak of the md_thread structure and the thread resource itself.

Add mdunregisterthread() to the error path to properly cleanup the thread, which aligns with the error handling logic of other paths in this function.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45888.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
97894f7d3c2966164516a8a5109674763d3a55e1
Fixed
c94fd6e8a71efd047ff36930e840f3c25679e136
Fixed
ec10e3dc93994b87adf7c759a4639fe34013989a
Fixed
b37588b0282a2b3cdda9db1d53712745ce66dea0
Fixed
6abc7d5dcf0ee0f85e16e41c87fbd06231f28753

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45888.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45888.json"