Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the
kmalloc-family functions, with the `__cleanup(kfree)` attribute will
make the address of the local variable, rather than the address returned
by kmalloc, passed to kfree directly and lead to a crash due to invalid
deallocation of stack address. According to other places in the repo,
the correct usage should be `__free(kfree)`. The code coincidentally
compiled because the parameter type `void *` of kfree is compatible with
the desired type `struct { ... } **`.
Published: 2026-05-27
Score: 7.0 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local pointer variable in the Linux kernel annotated with the cleanup attribute __cleanup(kfree) caused the kernel to deallocate the address of a stack variable instead of the memory allocated by kmalloc. The resulting improper deallocation triggers a crash when kfree attempts to free a stack address, leading to a kernel panic. This flaw does not provide direct code execution or data exfiltration but can interrupt system operations by causing a kernel denial of service.

Affected Systems

All Linux kernel installations that include the affected code path are susceptible. The patch referenced in the CVE description was merged into the mainline kernel, so older kernels lacking this commit are at risk, while newer kernels incorporating the commit are expected to be safe. No vendor or version details are provided beyond the kernel itself.

Risk and Exploitability

The vulnerability has no known public exploits and is not listed in the CISA KEV catalog. EPSS data is unavailable, so the likelihood of exploitation remains uncertain. Because the flaw requires kernel-level execution, the risk is primarily for local privilege or compromised environments. From an availability standpoint, the crash severity is high, but the lack of a remote attack vector or exploitation evidence keeps the overall threat moderate. Updating the kernel to a version that contains the fix is the recommended risk mitigation.

Generated by OpenCVE AI on May 27, 2026 at 18:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a latest stable release that contains the repository commit specified in the advisory
  • Reboot the machine to load the patched kernel and prevent the crash from occurring
  • Restrict local administrative access to limit the ability of local attackers to trigger kernel execution

Generated by OpenCVE AI on May 27, 2026 at 18:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.
Title crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:16.039Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45959

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:12.543

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45959

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45959 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T20:30:40Z

Weaknesses