CVE-2026-45863
Awaiting Analysis
Memory Leak in Linux Kernel I3C Driver

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers()

The dw_i3c_master_i2c_xfers() function allocates memory for the xfer structure using dw_i3c_master_alloc_xfer(). If pm_runtime_resume_and_get() fails, the function returns without freeing the allocated xfer, resulting in a memory leak.

Add a dw_i3c_master_free_xfer() call to the error path to ensure the allocated memory is properly freed.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a memory leak in the Linux kernel's I3C driver, specifically in the function dw_i3c_master_i2c_xfers().

The function allocates memory for a transfer structure using dw_i3c_master_alloc_xfer(). However, if the call to pm_runtime_resume_and_get() fails, the function returns without freeing the allocated memory, causing a memory leak.

The fix involves adding a call to dw_i3c_master_free_xfer() in the error path to ensure the allocated memory is properly freed.
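
The error path described above, as a userspace C model added here for illustration; it is not the kernel driver's code. The names xfer_model, alloc_xfer, free_xfer, resume_and_get and i2c_xfers_model are stand-ins for the kernel functions, and the fixed-size pool is an assumption that makes the leak and the resulting exhaustion observable.

```c
/* Userspace model of the error path; stand-in names, not the dw-i3c driver's code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 8     /* constructed: tiny pool standing in for finite memory */
static struct xfer_model { int in_use; } pool[POOL_SIZE];

static struct xfer_model *alloc_xfer(void)   /* models dw_i3c_master_alloc_xfer() */
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}
static void free_xfer(struct xfer_model *x) { if (x) x->in_use = 0; }  /* models dw_i3c_master_free_xfer() */
static void pool_reset(void) { memset(pool, 0, sizeof(pool)); }
static int live_xfers(void)                  /* xfer objects allocated and not freed */
{
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += pool[i].in_use;
    return n;
}
/* Models pm_runtime_resume_and_get(): 0 on success, negative errno on failure. */
static int resume_and_get(int fail) { return fail ? -EIO : 0; }

/* fixed = 0 models the pre-fix error path, fixed = 1 the path with the added free. */
static int i2c_xfers_model(int pm_fail, int fixed)
{
    struct xfer_model *xfer = alloc_xfer();
    if (!xfer)
        return -ENOMEM;
    int ret = resume_and_get(pm_fail);
    if (ret < 0) {
        if (fixed)
            free_xfer(xfer);    /* the call the fix adds */
        return ret;             /* pre-fix: the only pointer to xfer is lost here */
    }
    free_xfer(xfer);            /* the transfer itself is omitted from this model */
    return 0;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        pool_reset();
        for (int i = 0; i < POOL_SIZE; i++) i2c_xfers_model(1, fixed);
        printf("fixed=%d live=%d next=%d\n", fixed, live_xfers(), i2c_xfers_model(0, fixed));
    }
    return 0;
}
```

In the pre-fix run, every failed resume strands one pool slot, so a later call fails with -ENOMEM even though the resume step would succeed.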

Impact Analysis

Each time pm_runtime_resume_and_get() fails inside the affected function, the allocated transfer structure is not freed. If this happens repeatedly, memory usage grows over time, potentially causing system instability or degraded performance.

In environments where the Linux kernel's I3C driver is used extensively, this could result in resource exhaustion or crashes.

Mitigation Strategies

To mitigate this issue, update your Linux kernel to a version in which this vulnerability has been fixed.

Since this is a kernel-level issue, applying the latest kernel patches or upgrading to a kernel version released after 2026-05-27 is recommended.
