CVE-2026-45950

EUVD-2026-32234

27.05.2026, 14:17

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with
kzalloc() but fails to free it if sg_copy_to_buffer() or
starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata
operations, ensure consistent cleanup by freeing the allocation in these
earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool
and code review.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.172-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.251-5 fixed
forky	7.0.9-1 fixed
sid	7.0.9-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-1 fixed

References

https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5

https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55

https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7

https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6