CVE Catalog

CVE-2026-45922

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a memory leak in the GET_DATA_DIRECT_SYSFS_PATH function. If the length of the device path exceeds the output buffer length, memory is not freed, leading to a memory leak.

Risk Assessment

Memory leaks can lead to increased resource consumption, which may affect the stability and performance of the system in the long run.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler The UVERBS_HANDLER(MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH) function allocates memory for the device path using kobject_get_path(). If the length of the device path exceeds the output buffer length, the function returns -ENOSPC but does not free the allocated memory, resulting in a memory leak. Add a kfree() call to the error path to ensure the allocated memory is properly freed. Compile tested only. Issue found using a prototype static analysis tool and code review.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS