Description
In the Linux kernel, the following vulnerability has been resolved:

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

In au1200fb_drv_probe(), when platform_get_irq() fails, it directly
returns from the function with an error code, which causes a memory
leak.

Replace it with a goto label to ensure proper cleanup.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory leak in the Linux kernel’s au1200fb driver occurs when the probe function encounters an IRQ retrieval failure. The driver returns prematurely without freeing allocated resources, leading to an incremental leak that may deplete kernel memory over time. While the issue does not grant direct control or data exfiltration, sustained exploitation can cause a denial of service by exhausting memory available for the OS and other processes.
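The early-return leak and the goto-label fix described above, as an added userspace model in C (not the driver's or the kernel commit's code). All function names are hypothetical, and a counter stands in for the kernel allocation so the leak can be measured per failed probe.

```c
#include <stdio.h>

/* Userspace model only: every name below is hypothetical, not driver code. */
static int live_allocs;                 /* resources acquired but not released */
static char arena[256];                 /* stand-in for the allocated object */

static void *res_alloc(void) { live_allocs++; return arena; }
static void res_free(void *p) { if (p) live_allocs--; }

/* Stand-in for an IRQ lookup: negative errno on failure (-6 is -ENXIO). */
static int fake_get_irq(int fail) { return fail ? -6 : 42; }

/* Before: the IRQ failure path returns directly and skips cleanup. */
static int probe_leaky(int irq_fails, void **dev)
{
    void *fbi = res_alloc();
    int irq = fake_get_irq(irq_fails);
    if (irq < 0)
        return irq;                     /* fbi is never released */
    *dev = fbi;                         /* success: the device now owns fbi */
    return 0;
}

/* After: the failure path jumps to a label that releases fbi. */
static int probe_fixed(int irq_fails, void **dev)
{
    void *fbi = res_alloc();
    int irq = fake_get_irq(irq_fails);
    if (irq < 0)
        goto failed;
    *dev = fbi;
    return 0;
failed:
    res_free(fbi);
    return irq;
}

/* Run n probes whose IRQ lookup fails; return how many resources stay live. */
static int leaked_after(int (*probe)(int, void **), int n)
{
    void *dev = NULL;
    int before = live_allocs;
    while (n-- > 0)
        probe(1, &dev);
    return live_allocs - before;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after(probe_leaky, 100), leaked_after(probe_fixed, 100));
    return 0;
}
```

Both variants return the same error code to the caller, so the leak is only visible by accounting for the allocation, not from the probe's return value.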

Affected Systems

The vulnerability affects the Linux kernel, specifically the au1200fb framebuffer driver on the Atheros Auna 1200 platform. The affected kernels include the 6.5 series and its release candidates (rc3 to rc7). No other vendors or product variants are listed as impacted.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity. The EPSS score is less than 1%, which points to a very low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, meaning no confirmed exploitation in the wild. The attack vector is inferred to be local, as the memory leak only occurs when the hardware device is probed during kernel initialization. Exploitation would require a user who can influence the device’s presence or trigger a kernel reboot to force the probe again, keeping the risk low relative to more direct exploits. Nonetheless, the lack of cleanup can lead to service interruption if left unpatched.

Generated by OpenCVE AI on June 16, 2026 at 21:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes commit 071d8fb or the equivalent patch for au1200fb.
  • If an update is not immediately possible, download the diff from the referenced git commits and apply the patch manually to the kernel source before building.
  • Reboot the system after applying the update or patch to ensure the driver is reloaded with the proper cleanup logic.

Generated by OpenCVE AI on June 16, 2026 at 21:18 UTC.

Advisories
Source | ID | Title
Debian DLA | DLA-4606-1 | linux security update
History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 12:15:00 +0000


Wed, 27 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe() In au1200fb_drv_probe(), when platform_get_irq() fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper cleanup.
Title fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:10.004Z

Reserved: 2026-05-13T15:03:33.088Z

Link: CVE-2026-45954

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-27T14:17:11.917

Modified: 2026-06-16T02:33:44.087

Link: CVE-2026-45954

Redhat

Severity :

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45954 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-16T21:30:16Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime