CVE-2026-45888
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel md/raid1 driver, a memory leak was found in the raid1_run() function. When setup_conf() registers a thread via md_register_thread() and then raid1_set_limits() fails, the previously registered thread is not unregistered, causing a leak of the md_thread structure and thread resources.
Risk Assessment
The memory leak can lead to gradual exhaustion of system resources, potentially causing system instability or denial of service (DoS) if RAID1 arrays are repeatedly started.
Recommendation
Apply a Linux kernel patch that adds md_unregister_thread() call in the error path of raid1_run() to properly clean up thread resources.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1_run() raid1_run() calls setup_conf() which registers a thread via md_register_thread(). If raid1_set_limits() fails, the previously registered thread is not unregistered, resulting in a memory leak of the md_thread structure and the thread resource itself. Add md_unregister_thread() to the error path to properly cleanup the thread, which aligns with the error handling logic of other paths in this function. Compile tested only. Issue found using a prototype static analysis tool and code review.

