Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - fix netdev memory leak in dpaa2_caam_probe

When commit 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in
dpaa2") converted embedded net_device to dynamically allocated pointers,
it added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in
dpaa2_dpseci_free() for error paths.

This causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe
due to DPIO devices not being ready yet. The kernel's deferred probe
mechanism handles the retry successfully, but the netdevs allocated during
the failed probe attempt are never freed, resulting in kmemleak reports
showing multiple leaked netdev-related allocations all traced back to
dpaa2_caam_probe().

Fix this by preserving the CPU mask of allocated netdevs during setup and
using it for cleanup in dpaa2_dpseci_free(). This approach ensures that
only the CPUs that actually had netdevs allocated will be cleaned up,
avoiding potential issues with CPU hotplug scenarios.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory leak in the Linux kernel’s crypto:caam driver, specifically in the dpaa2_caam_probe routine. When the probe fails because required DPIO devices are not yet ready, the driver allocates net_device structures but does not free them on error paths, leading to leaked allocations. Over time these leaks can accumulate, consuming kernel memory and potentially causing performance degradation or system instability.
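The leak and the fix from the Description, modeled in user-space C as an added example (not kernel code and not the actual patch). All identifiers are hypothetical, and the `CLEAN_ONLINE_NOW` variant is an assumption about the hotplug case: it shows a cleanup that walks the CPUs online at cleanup time missing a netdev whose CPU went offline after setup.

```c
/* User-space model of the leak and the fix; every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define NCPU 8
enum cleanup { CLEAN_NONE, CLEAN_ONLINE_NOW, CLEAN_SAVED_MASK };

struct model_netdev { int in_use; };
static struct model_netdev pool[NCPU];   /* slot n models the netdev for CPU n */

struct model_priv {
    struct model_netdev *net_dev[NCPU];  /* per-CPU pointers, no longer embedded */
    uint32_t alloc_mask;                 /* CPUs that really got a netdev */
};

/* Allocate per online CPU; fail at fail_cpu as if its DPIO were not ready. */
static int model_dpio_setup(struct model_priv *p, uint32_t online, int fail_cpu)
{
    for (int cpu = 0; cpu < NCPU; cpu++) {
        if (!(online & (1u << cpu))) continue;
        if (cpu == fail_cpu) return -1;  /* probe gets deferred */
        pool[cpu].in_use = 1;
        p->net_dev[cpu] = &pool[cpu];
        p->alloc_mask |= 1u << cpu;
    }
    return 0;
}

/* Netdevs still allocated after one failed probe attempt and its cleanup. */
static int leaked_after_failed_probe(enum cleanup how, uint32_t online,
                                     int fail_cpu, uint32_t online_at_free)
{
    struct model_priv p = {0};
    uint32_t mask = 0;                   /* CLEAN_NONE: pre-fix error path */
    int leaked = 0;
    for (int i = 0; i < NCPU; i++) pool[i].in_use = 0;
    if (model_dpio_setup(&p, online, fail_cpu) == 0) return 0;  /* probe ok */
    if (how == CLEAN_ONLINE_NOW) mask = online_at_free;  /* illustrative variant */
    if (how == CLEAN_SAVED_MASK) mask = p.alloc_mask;    /* fix as described */
    for (int cpu = 0; cpu < NCPU; cpu++)
        if ((mask & (1u << cpu)) && p.net_dev[cpu]) p.net_dev[cpu]->in_use = 0;
    for (int i = 0; i < NCPU; i++) leaked += pool[i].in_use;
    return leaked;
}

int main(void)
{
    printf("no cleanup: %d\n", leaked_after_failed_probe(CLEAN_NONE, 0xFF, 5, 0xFF));
    printf("saved mask: %d\n", leaked_after_failed_probe(CLEAN_SAVED_MASK, 0xFF, 5, 0xFB));
    return 0;
}
```

Each deferred probe attempt in the `CLEAN_NONE` case strands one netdev per CPU processed before the failure, which is the pattern the kmemleak reports in the Description trace back to dpaa2_caam_probe().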

Affected Systems

All Linux kernel releases that contain the dpaa2 CAAM crypto driver prior to the inclusion of the fix commit are impacted. This includes any distribution that ships an unpatched kernel built with the dpaa2-based crypto acceleration stack, such as generic Linux kernel images used on NXP DPAA2 hardware platforms.

Risk and Exploitability

No CVSS score is listed and the EPSS score is unavailable; the vulnerability is not included in CISA’s KEV catalog. The likely attack vector is local or via privileged services that load or reload the kernel module, as the issue occurs during device probing. While exploitation does not provide immediate denial of service, repeated probe failures can gradually increase memory usage, representing a moderate risk to long‑term system stability. It is inferred from the description that the vulnerability requires access to the kernel and the DPAA2 hardware interface.

Generated by OpenCVE AI on May 27, 2026 at 19:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

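  • Update the Linux kernel to a version that incorporates the fix for this leak (the commit titled "crypto: caam - fix netdev memory leak in dpaa2_caam_probe"); commit 0e1a4d427f58 is the change that introduced the leak, not the fix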
  • If a kernel update is not immediately possible, apply this patch to the dpaa2_caam driver and reboot or reload the module to use the fixed code
  • Ensure DPIO devices are initialized and ready before the dpaa2_caam module is probed to reduce the chance of probe failures
  • After applying the patch, monitor kmemleak output for any residual net_device leaks



Advisories

No advisories yet.

History

Wed, 27 May 2026 19:30:00 +0000

Weaknesses: added CWE-401, CWE-772 (none removed)

Wed, 27 May 2026 14:15:00 +0000

Description: added (same text as the Description at the top of this page)
Title: added "crypto: caam - fix netdev memory leak in dpaa2_caam_probe"
First Time appeared: added Linux; Linux linux Kernel
CPEs: added cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: added Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:09.109Z

Reserved: 2026-05-13T15:03:33.083Z

Link: CVE-2026-45900

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:04.360

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45900

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T19:15:26Z
