CVE Catalog

CVE-2026-45928

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel that leads to a memory leak on codec_info allocation failure. The functions wave5_vpu_open_enc() and wave5_vpu_open_dec() do not free the previously allocated instance, resulting in a memory leak.

Risk Assessment

Organizations may experience performance issues due to memory leaks, which can lead to instability in applications and operating systems.

Recommendation

It is recommended to update the Linux kernel to a version that includes the fix for this issue to prevent memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak. Fix this by calling kfree() on the instance in this error path to ensure it is properly released.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS