Description
In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix memleak of newsk in unix_stream_connect().

When prepare_peercred() fails in unix_stream_connect(),
unix_release_sock() is not called for newsk, and the memory
is leaked.

Let's move prepare_peercred() before unix_create1().

Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak occurs in the Linux kernel's af_unix code when prepare_peercred() fails inside unix_stream_connect(). On that failure path unix_release_sock() is not called for the newly created socket (newsk), so the kernel never frees the allocation. Repeated failures can accumulate leaked memory and eventually lead to instability or a denial of service. The weakness is a missing release of memory after its effective lifetime (CWE-401).
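
A user-space model of the ordering problem in the description, as an added example that is not kernel code and not the patch itself. The `model_*` functions, the fixed-size pool and `POOL_SLOTS` are constructed stand-ins for unix_create1(), unix_release_sock(), prepare_peercred() and finite kernel memory.

```c
#include <errno.h>
#include <stdbool.h>
#define POOL_SLOTS 8                 /* constructed stand-in for finite memory */
static bool pool[POOL_SLOTS];        /* true = slot holds a live socket */

static int model_create_sock(void)   /* plays the role of unix_create1() */
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool[i]) { pool[i] = true; return i; }
    return -ENOMEM;
}
static void model_release_sock(int sk) { pool[sk] = false; }  /* unix_release_sock() */
static int model_prepare_peercred(bool fail) { return fail ? -ENOMEM : 0; }

/* Ordering the description reports: allocate newsk, then run the fallible step. */
int connect_before_fix(bool cred_fails)
{
    int newsk = model_create_sock();
    if (newsk < 0) return newsk;
    int err = model_prepare_peercred(cred_fails);
    if (err) return err;             /* newsk is never released: the leak */
    model_release_sock(newsk);       /* model only: the connection ends at once */
    return 0;
}

/* Ordering after the fix: the fallible step runs before anything is allocated. */
int connect_after_fix(bool cred_fails)
{
    int err = model_prepare_peercred(cred_fails);
    if (err) return err;             /* nothing to clean up */
    int newsk = model_create_sock();
    if (newsk < 0) return newsk;
    model_release_sock(newsk);
    return 0;
}

int slots_in_use(void)
{
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += pool[i];
    return n;
}

int good_connect_after_failures(int (*fn)(bool), int failures)
{
    for (int i = 0; i < POOL_SLOTS; i++) pool[i] = false;  /* fresh pool */
    for (int i = 0; i < failures; i++) fn(true);           /* failing attempts */
    return fn(false);                                      /* one good attempt */
}
```

With the old ordering, each failed attempt pins one slot until a legitimate connect can no longer allocate; with the new ordering the pool stays empty however many attempts fail.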

Affected Systems

The vulnerability affects the Linux kernel; the specific kernel version is not listed in the data, so any installation containing the unpatched af_unix code is potentially vulnerable. Administrators should review the kernel build to confirm whether the patch that moves prepare_peercred() before unix_create1() has been applied.

Risk and Exploitability

The CVSS score is unavailable, and the EPSS score is not provided; the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires the ability to trigger a Unix socket connection that follows the vulnerable code path, which can be accomplished locally or, if an exposed service uses Unix sockets, remotely. The risk is moderate to high for systems that handle many Unix socket connections, as resource exhaustion could be achieved with repeated failures, but public exploitation evidence is lacking.

Generated by OpenCVE AI on May 27, 2026 at 16:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the af_unix memory‑leak fix
  • Restrict or quarantine services that create or accept Unix domain sockets to limit attack exposure
  • Monitor system memory usage for unusual growth patterns that may indicate a socket‑related memory leak

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix memleak of newsk in unix_stream_connect(). When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memory is leaked. Let's move prepare_peercred() before unix_create1().
Title | | af_unix: Fix memleak of newsk in unix_stream_connect().
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:16:58.720Z

Reserved: 2026-05-13T15:03:33.082Z

Link: CVE-2026-45887

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:02.713

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45887

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:00:14Z

Weaknesses