CVE-2026-45887

MEDIUM

af_unix: Fix memleak of newsk in unix_stream_connect().

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix memleak of newsk in unix_stream_connect(). When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memory is leaked. Let's move prepare_peercred() before unix_create1().

Scores

CVSS v3 5.5
EPSS 0.0015
EPSS Percentile 4.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (11)
linux/Kernel 6.16.0 - 6.18.14linux
linux/Kernel 6.19.0 - 6.19.4linux
Linux/Linux < 6.16
Linux/Linux 6.16
Linux/Linux 6.18.14 - 6.18.*
Linux/Linux 6.19.4 - 6.19.*
Linux/Linux 7.0
Linux/Linux fd0a109a0f6b7524543d17520da92a44a9f5343c - 365996a2b14d07caa9e33d367b67ea26c09d89b4
Linux/Linux fd0a109a0f6b7524543d17520da92a44a9f5343c - 6884028cd7f275f8bcb854a347265cb1fb0e4bea
Linux/Linux fd0a109a0f6b7524543d17520da92a44a9f5343c - a5d95d7caba0160fb7b2b8d2bd96d5a1be861d9f
... and 1 more
Published May 27, 2026
Tracked Since May 27, 2026