CVE-2026-45959

HIGH 7.8

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 27, 2026
Last Updated	May 30, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

a71475582ada92ba021852bf3c2b40ab3718549b < 9a3ace9b010ffd8c422c97844ae152f7c53d6b18 a71475582ada92ba021852bf3c2b40ab3718549b < 90f9090e3e744a8fe3bb6fa0e61f577347728b0b a71475582ada92ba021852bf3c2b40ab3718549b < d5abcc33ee76bc26d58b39dc1a097e43a99dd438

Linux / Linux

6.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/9a3ace9b010ffd8c422c97844ae152f7c53d6b18 git.kernel.org: https://git.kernel.org/stable/c/90f9090e3e744a8fe3bb6fa0e61f577347728b0b git.kernel.org: https://git.kernel.org/stable/c/d5abcc33ee76bc26d58b39dc1a097e43a99dd438