CVE-2026-45950
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability related to a memory leak in the starfive_aes_aead_do_one_req() function has been identified in the Linux kernel. This function allocates memory but fails to free it in case of errors, leading to memory leaks.
Risk Assessment
Memory leaks can lead to increased resource consumption, which may affect the stability and performance of the system in the long run.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent potential performance issues.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review.

