Description
In the Linux kernel, the following vulnerability has been resolved:

gpib: Fix memory leak in ni_usb_init()

In ni_usb_init(), if ni_usb_setup_init() fails, the function returns
-EFAULT without freeing the allocated writes buffer, leading to a
memory leak.

Additionally, ni_usb_setup_init() returns 0 on failure, which causes
ni_usb_init() to return -EFAULT, an inappropriate error code for this
situation.

Fix the leak by freeing writes in the error path. Modify
ni_usb_setup_init() to return -EINVAL on failure and propagate this
error code in ni_usb_init().
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the GPIB USB driver contained a flaw where failure in ni_usb_setup_init during initialization left an allocated writes buffer unreleased, creating a memory leak. That leak can gradually consume kernel memory and can lead to degraded performance or system crashes. The code also returned an inappropriate error code, which may mislead callers but does not directly affect the leak.

Affected Systems

All Linux kernel releases before the commit that fixes this issue, affecting any system that loads the GPIB USB driver. No specific kernel versions are listed, so any kernel that still contains the older implementation is susceptible.

Risk and Exploitability

The vulnerability does not permit remote code execution or privilege escalation. It is a local resource exhaustion flaw that can cause denial of service if an attacker repeatedly triggers the problematic initialization path via a user-space program that uses the GPIB USB device. Because the EPSS score is unavailable and it is not listed in KEV, widespread exploitation is unlikely, though a determined local attacker could exploit it to exhaust kernel memory.

Generated by OpenCVE AI on May 27, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the GPIB USB driver patch that frees the writes buffer on failure.
  • Restart the GPIB driver or reboot the system to clear any buffers leaked by earlier initializations.
  • If the GPIB USB driver is not required, remove or disable it so that the vulnerable code never executes.

Generated by OpenCVE AI on May 27, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: gpib: Fix memory leak in ni_usb_init() In ni_usb_init(), if ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak. Additionally, ni_usb_setup_init() returns 0 on failure, which causes ni_usb_init() to return -EFAULT, an inappropriate error code for this situation. Fix the leak by freeing writes in the error path. Modify ni_usb_setup_init() to return -EINVAL on failure and propagate this error code in ni_usb_init().
Title gpib: Fix memory leak in ni_usb_init()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:55.481Z

Reserved: 2026-05-13T15:03:33.087Z

Link: CVE-2026-45939

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:10.083

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45939

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T16:30:36Z

Weaknesses