CVE-2026-45921 - Vulnerability Details

- mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()

The function mtd_parser_tplink_safeloader_parse() allocates buf via
mtd_parser_tplink_safeloader_read_table(). If the allocation for
parts[idx].name fails inside the loop, the code jumps to the err_free
label without freeing buf, leading to a memory leak.

Fix this by freeing the temporary buffer buf in the err_free label.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Published: 2026-05-27

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel contains a memory‑leak flaw in mtd_parser_tplink_safeloader_parse() that is triggered when an allocation for a table entry name fails. The error path jumps to a label that does not free the intermediate buffer, resulting in kernel memory that is never reclaimed. Based on the description, it is inferred that an attacker could repeatedly invoke the tplink_safeloader parser to trigger the leak, potentially exhausting kernel space and causing a system crash or degradation of critical services.

Affected Systems

All Linux kernel releases that ship with the tplink_safeloader parser—part of the MTD subsystem—are affected. No specific version range is listed; the defect was remedied by the commits referenced in the supplied patch set.

Risk and Exploitability

The EPSS probability is under 1% (approximately 0.00018) and the vulnerability is not in the CISA KEV catalog, indicating a low likelihood of widespread exploitation. Based on the description, it is inferred that an attacker would need either privileged or local access to repeatedly trigger the parser, so the threat is limited to environments where such access is feasible. Nevertheless, the resulting kernel memory exhaustion could lead to denial of service through out‑of‑memory conditions or a kernel panic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`00a3588084bee6f37bb2b1d343f96900cfe049bc`	affected	< 0f5e62ea5c43146eacdc6861cb1022ffae1b79bc
`00a3588084bee6f37bb2b1d343f96900cfe049bc`	affected	< e97f5fac8ce9a6b9ec724c97d86b0985e915fdca
`00a3588084bee6f37bb2b1d343f96900cfe049bc`	affected	< ec121ad626c319085f6d40a52cd04e99b4554926
`00a3588084bee6f37bb2b1d343f96900cfe049bc`	affected	< 971e9c53aed82f17a9c6a65daa4e21cc15eba5b1
`00a3588084bee6f37bb2b1d343f96900cfe049bc`	affected	< 980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b

Linux

affected

Version	Status	Constraints
`6.2`	affected	—
`0`	unaffected	< 6.2
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[00a3588084bee6f37bb2b1d343f96900cfe049bc,0f5e62ea5c43146eacdc6861cb1022ffae1b79bc)`	affected	code_commit	—
`[00a3588084bee6f37bb2b1d343f96900cfe049bc,e97f5fac8ce9a6b9ec724c97d86b0985e915fdca)`	affected	code_commit	—
`[00a3588084bee6f37bb2b1d343f96900cfe049bc,ec121ad626c319085f6d40a52cd04e99b4554926)`	affected	code_commit	—
`[00a3588084bee6f37bb2b1d343f96900cfe049bc,971e9c53aed82f17a9c6a65daa4e21cc15eba5b1)`	affected	code_commit	—
`[00a3588084bee6f37bb2b1d343f96900cfe049bc,980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.2`	affected	semver	—
`[0,6.2)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the kernel update that contains the mtd_parser_tplink_safeloader_parse() memory‑leak fix, following the documentation for the applied commits.
If a kernel update cannot be applied immediately, manually apply the patch changes to the source tree and rebuild the kernel to eliminate the leak.
Consider disabling CONFIG_TPLINK_SAFELOADER in the kernel configuration if the functionality is unnecessary, then rebuild the kernel to prevent the parser from running.

Generated by OpenCVE AI on May 28, 2026 at 17:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0f5e62ea5c43146eacdc6861cb1022ffae1b79bc
https://git.kernel.org/stable/c/971e9c53aed82f17a9c6a65daa4e21cc15eba5b1
https://git.kernel.org/stable/c/980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b
https://git.kernel.org/stable/c/e97f5fac8ce9a6b9ec724c97d86b0985e915fdca
https://git.kernel.org/stable/c/ec121ad626c319085f6d40a52cd04e99b4554926
https://lore.kernel.org/linux-cve-announce/2026052724-CVE-2026-45921-065b@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-45921
https://www.cve.org/CVERecord?id=CVE-2026-45921

History

Thu, 28 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-754 CWE-757

Thu, 28 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052724-CVE-2026-45921-065b@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-45921 https://www.cve.org/CVERecord?id=CVE-2026-45921

Wed, 27 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-754 CWE-757

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_read_table(). If the allocation for parts[idx].name fails inside the loop, the code jumps to the err_free label without freeing buf, leading to a memory leak. Fix this by freeing the temporary buffer buf in the err_free label. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title		mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0f5e62ea5c43146eacdc6861cb1022ffae1b79bc https://git.kernel.org/stable/c/971e9c53aed82f17a9c6a65daa4e21cc15eba5b1 https://git.kernel.org/stable/c/980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b https://git.kernel.org/stable/c/e97f5fac8ce9a6b9ec724c97d86b0985e915fdca https://git.kernel.org/stable/c/ec121ad626c319085f6d40a52cd04e99b4554926

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:17:40.032Z

Updated: 2026-05-27T12:17:40.032Z

Reserved: 2026-05-13T15:03:33.085Z

Link: CVE-2026-45921

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:07.070

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45921

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45921 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T17:30:15Z

Weaknesses

CWE-772
Missing Release of Resource after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object