CVE-2026-45959

HIGH

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/9a3ace9b010ffd8c422c97844ae152f7c53d6b18

https://git.kernel.org/stable/c/90f9090e3e744a8fe3bb6fa0e61f577347728b0b

https://git.kernel.org/stable/c/d5abcc33ee76bc26d58b39dc1a097e43a99dd438

Scores

CVSS v3 7.8

EPSS 0.0013

EPSS Percentile 2.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-476

Status published

Products (9)

Linux/Linux < 6.17

Linux/Linux 6.17

Linux/Linux 6.18.14 - 6.18.*

Linux/Linux 6.19.4 - 6.19.*

Linux/Linux 7.0

Linux/Linux a71475582ada92ba021852bf3c2b40ab3718549b - 90f9090e3e744a8fe3bb6fa0e61f577347728b0b

Linux/Linux a71475582ada92ba021852bf3c2b40ab3718549b - 9a3ace9b010ffd8c422c97844ae152f7c53d6b18

Linux/Linux a71475582ada92ba021852bf3c2b40ab3718549b - d5abcc33ee76bc26d58b39dc1a097e43a99dd438

linux/linux_kernel 6.17 - 6.18.14

Published May 27, 2026

Tracked Since May 27, 2026