Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the starfive_aes_aead_do_one_req() function of the Linux kernel’s crypto subsystem. An allocation for rctx->adata is made with kzalloc, but when sg_copy_to_buffer() or starfive_aes_hw_init() fails, the function does not free this memory. Because rctx->adata is always freed later only after a successful write_adata operation, an error path can leave the allocation unfreed, resulting in a memory leak. The weakness can lead to gradual degradation of system memory availability, potentially causing the kernel to experience out‑of‑memory conditions over time. The flaw is a classic resource management defect, identified as CWE‑772 and CWE‑401.

Affected Systems

All Linux kernel releases that include the starfive_aes_aead_do_one_req() implementation are affected until a patch that removes the leak is applied. The issue appears in upstream Linux kernel source that contains the starfive driver and affects any configuration that loads the starfive crypto module.

Risk and Exploitability

The exploitability of this fault is confined to local privileged processes that can load or manipulate the affected crypto module, as the code operates in kernel context. The likely attack vector is local and requires kernel‑level access. Based on the description, it is inferred that remote exploitation is unlikely. The EPSS score is very low (< 1 %) and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 5.5 indicates moderate severity; however, because a memory leak in kernel space can lead to gradual resource exhaustion, the overall risk is significant for systems under high memory pressure.

Generated by OpenCVE AI on June 16, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that includes the corrected starfive_aes_aead_do_one_req() implementation, such as commit 38d80307decc1132626a30e2a62af734630ecca5 or later.
  • If an immediate kernel upgrade is not feasible, disable the starfive crypto module to prevent the vulnerable code from executing.
  • If custom patching is required, insert a defensive free() in the error paths to clean up rctx->adata and eliminate the leak.

Generated by OpenCVE AI on June 16, 2026 at 23:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req() The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks. Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well. Compile tested only. Issue found using a prototype static analysis tool and code review.
Title crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:06.482Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45950

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:11.483

Modified: 2026-06-16T02:34:46.907

Link: CVE-2026-45950

cve-icon Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45950 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:15:16Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime