HarborGuard / CVE
Back to search
HIGHCVE-2026-45959Published Modified CNA Linux

CVE-2026-45959: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.

Metrics

CVSS v3.1
7.8
Severity
HIGH
Fixed in
0
Affected Products
2

Fix available

06.18.146.19.47.090f9090e3e744a8fe3bb6fa0e61f577347728b0b9a3ace9b010ffd8c422c97844ae152f7c53d6b18d5abcc33ee76bc26d58b39dc1a097e43a99dd438
Affected packages
  • Linux / Linux
    < 9a3ace9b010ffd8c422c97844ae152f7c53d6b18 (from a71475582ada92ba021852bf3c2b40ab3718549b) · < 90f9090e3e744a8fe3bb6fa0e61f577347728b0b (from a71475582ada92ba021852bf3c2b40ab3718549b) · < d5abcc33ee76bc26d58b39dc1a097e43a99dd438 (from a71475582ada92ba021852bf3c2b40ab3718549b)
  • Linux / Linux
    6.17
    Fixed in 0, 6.18.14, 6.19.4, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2026-45959: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree | HarborGuard CVE