Description
In the Linux kernel, the following vulnerability has been resolved:

md/raid1: fix memory leak in raid1_run()

raid1_run() calls setup_conf() which registers a thread via
md_register_thread(). If raid1_set_limits() fails, the previously
registered thread is not unregistered, resulting in a memory leak
of the md_thread structure and the thread resource itself.

Add md_unregister_thread() to the error path to properly cleanup
the thread, which aligns with the error handling logic of other paths
in this function.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel’s RAID1 subsystem has a flaw where the function raid1_run() registers a thread and, if a subsequent limit setting fails, does not deregister that thread. The unreleased md_thread structure and thread resource remain in memory, creating a leak that can grow with repeated errors and eventually exhaust system memory or thread tables. The vulnerability does not directly grant an attacker access or execution capability, but it can degrade availability by affecting system stability when trigger conditions occur.

Affected Systems

All Linux kernel releases that include the unpatched md/raid1 code are affected. The issue was identified before the commit that fixed the leak, so any kernel built from the recommended source trees lacking the patch is vulnerable. No specific version list is supplied; rather, any kernel that contains the original raid1_run() implementation without the cleanup logic is impacted.

Risk and Exploitability

The CVSS score of 5.5 is available, but the EPSS score and KEV status are not available, and the vulnerability is not listed in CISA KEV. The risk assessment therefore relies on the nature of the flaw: a memory leak can lead to resource exhaustion, but exploitation requires conditions that cause raid1_set_limits() to fail repeatedly. This likely demands local or privileged access, and no public exploit is known. Consequently, the overall risk is moderate to low, pending further details about the failure trigger frequency in production workloads.

Generated by OpenCVE AI on May 28, 2026 at 13:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that incorporates the commit resolving this leak; use distribution security updates or apply the patch from the official git repository.
  • If an immediate kernel upgrade is not possible, consider disabling or limiting the use of RAID1 devices to reduce the likelihood of the error path being exercised.
  • Regularly monitor system memory and thread usage for signs of a leak when RAID1 is in use, and apply the kernel update as soon as it becomes available.

Generated by OpenCVE AI on May 28, 2026 at 13:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1_run() raid1_run() calls setup_conf() which registers a thread via md_register_thread(). If raid1_set_limits() fails, the previously registered thread is not unregistered, resulting in a memory leak of the md_thread structure and the thread resource itself. Add md_unregister_thread() to the error path to properly cleanup the thread, which aligns with the error handling logic of other paths in this function. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title md/raid1: fix memory leak in raid1_run()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:16:59.751Z

Reserved: 2026-05-13T15:03:33.082Z

Link: CVE-2026-45888

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:02.813

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45888

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45888 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T14:00:18Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption

  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime