CVE-2026-45900

Source
https://cve.org/CVERecord?id=CVE-2026-45900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45900
Downstream
Published
2026-05-27T12:17:09.109Z
Modified
2026-07-08T08:13:31.872432611Z
Summary
crypto: caam - fix netdev memory leak in dpaa2_caam_probe
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - fix netdev memory leak in dpaa2caamprobe

When commit 0e1a4d427f58 ("crypto: caam: Unembed netdev structure in dpaa2") converted embedded netdevice to dynamically allocated pointers, it added cleanup in dpaa2dpsecidisable() but missed adding cleanup in dpaa2dpsecifree() for error paths.

This causes memory leaks when dpaa2dpsecidpiosetup() fails during probe due to DPIO devices not being ready yet. The kernel's deferred probe mechanism handles the retry successfully, but the netdevs allocated during the failed probe attempt are never freed, resulting in kmemleak reports showing multiple leaked netdev-related allocations all traced back to dpaa2caam_probe().

Fix this by preserving the CPU mask of allocated netdevs during setup and using it for cleanup in dpaa2dpsecifree(). This approach ensures that only the CPUs that actually had netdevs allocated will be cleaned up, avoiding potential issues with CPU hotplug scenarios.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45900.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0e1a4d427f58b843864d835ccb79c32a118c6a77
Fixed
d5c6f254528caf78d5de7d9646dc21c81d351827
Fixed
d7decb572b55d2af33e59e9858fcee5d9ae69175
Fixed
e144cce29851610ce9c6eda405ce21118779aa51
Fixed
7d43252b3060b0ba4a192dce5dba85a3f39ffe39

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45900.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45900.json"