High severity7.8NVD Advisory· Published May 27, 2026· Updated Jun 16, 2026
CVE-2026-45959
CVE-2026-45959
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the __cleanup(kfree) attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be __free(kfree). The code coincidentally compiled because the parameter type void * of kfree is compatible with the desired type struct { ... } **.
Affected products
3Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.