CVE Catalog

CVE-2026-45881

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, a memory leak was detected in the svs_enable_debug_write() function in the MediaTek SVS driver. The buffer allocated by memdup_user_nul() is not freed if kstrtoint() fails.

Risk Assessment

The memory leak can lead to gradual exhaustion of available system memory, potentially causing a denial of service (DoS) for user processes.

Recommendation

Apply the patch that uses __free(kfree) to automatically free the buffer and adds the missing inclusion of cleanup.h.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() In svs_enable_debug_write(), the buf allocated by memdup_user_nul() is leaked if kstrtoint() fails. Fix this by using __free(kfree) to automatically free buf, eliminating the need for explicit kfree() calls and preventing leaks. [Angelo: Added missing cleanup.h inclusion]

Vulnerability data from NVD (NIST) · CISA KEV · EPSS