CVE-2026-45950

Source
https://cve.org/CVERecord?id=CVE-2026-45950
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45950.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45950
Downstream
Published
2026-05-27T12:18:06.482Z
Modified
2026-07-08T08:09:40.588264616Z
Summary
crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfiveaesaeaddoone_req()

The starfiveaesaeaddoonereq() function allocates rctx->adata with kzalloc() but fails to free it if sgcopytobuffer() or starfiveaeshw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45950.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7467147ef9bf42d1ea5b3314c7a05cd542b3518e
Fixed
38d80307decc1132626a30e2a62af734630ecca5
Fixed
4869d0e4e48a5301b267d359b2561c4080791a55
Fixed
5f2c964a058581e1557c32d5de651c67a80438a7
Fixed
ccb679fdae2e62ed92fd9acb25ed809c0226fcc6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45950.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45950.json"