Description
In the Linux kernel, the following vulnerability has been resolved:

soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()

In svs_enable_debug_write(), the buf allocated by memdup_user_nul()
is leaked if kstrtoint() fails.

Fix this by using __free(kfree) to automatically free buf, eliminating
the need for explicit kfree() calls and preventing leaks.

[Angelo: Added missing cleanup.h inclusion]
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory leak in the Mediatek SVS driver for the Linux kernel. In svs_enable_debug_write(), a buffer allocated with memdup_user_nul is not freed when kstrtoint() fails, causing an unreleased memory allocation. This results in a repeated leak that can eventually exhaust kernel memory and destabilize the system, falling under CWE‑401.

Affected Systems

Any Linux kernel configuration that includes the Mediatek SVS module is affected. No specific kernel version range is listed, so all builds containing this code prior to the reported fix are potentially vulnerable.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating limited public exploitation data. The CVSS score is missing from the advisory. The attack vector is inferred to be local, as svs_enable_debug_write() is a debug interface that typically requires root or elevated privileges. A privileged attacker could repeatedly trigger the function, causing progressive memory exhaustion and a denial of service. While no public exploit exists, the potential for a serious local DoS warrants immediate attention.

Generated by OpenCVE AI on May 27, 2026 at 17:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream patch that replaces explicit kfree() with automatic cleanup using __free(kfree) in the svs_enable_debug_write() function
  • If the patch is not yet integrated in your distribution, backport the commit from the kernel repository or upgrade to a kernel release that includes the fix
  • Rebuild the kernel or module so that the SVS driver includes the updated implementation

Generated by OpenCVE AI on May 27, 2026 at 17:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() In svs_enable_debug_write(), the buf allocated by memdup_user_nul() is leaked if kstrtoint() fails. Fix this by using __free(kfree) to automatically free buf, eliminating the need for explicit kfree() calls and preventing leaks. [Angelo: Added missing cleanup.h inclusion]
Title soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:16:53.677Z

Reserved: 2026-05-13T15:03:33.082Z

Link: CVE-2026-45881

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:01.930

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45881

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T17:45:33Z

Weaknesses