CVE-2026-45939
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a memory leak in the ni_usb_init() function. If ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated buffer, leading to a memory leak.
Risk Assessment
Memory leaks can lead to increased resource consumption, which may affect the stability and performance of the system in the long run.
Recommendation
It is recommended to update the Linux kernel to a version that includes the fix for this memory leak and modifies the return code from ni_usb_setup_init().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni_usb_init() In ni_usb_init(), if ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, ni_usb_setup_init() returns 0 on failure, which causes ni_usb_init() to return -EFAULT, an inappropriate error code for this situation. Fix the leak by freeing writes in the error path. Modify ni_usb_setup_init() to return -EINVAL on failure and propagate this error code in ni_usb_init().

