CVE-2026-45922
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a memory leak in the GET_DATA_DIRECT_SYSFS_PATH function. If the length of the device path exceeds the output buffer length, memory is not freed, leading to a memory leak.
Risk Assessment
Memory leaks can lead to increased resource consumption, which may affect the stability and performance of the system in the long run.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GET_DATA_DIRECT_SYSFS_PATH handler The UVERBS_HANDLER(MLX5_IB_METHOD_GET_DATA_DIRECT_SYSFS_PATH) function allocates memory for the device path using kobject_get_path(). If the length of the device path exceeds the output buffer length, the function returns -ENOSPC but does not free the allocated memory, resulting in a memory leak. Add a kfree() call to the error path to ensure the allocated memory is properly freed. Compile tested only. Issue found using a prototype static analysis tool and code review.

