CVE-2026-45959
Analyzed Analyzed - Analysis Complete
Incorrect kfree Cleanup Usage in Linux Kernel Crypto CCP

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the `__cleanup(kfree)` attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be `__free(kfree)`. The code coincidentally compiled because the parameter type `void *` of kfree is compatible with the desired type `struct { ... } **`.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45959
EUVD
EUVD-2026-32243
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.17 (inc) to 6.18.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's crypto component, specifically in the ccp module. It is caused by incorrect usage of the kfree function for cleanup. A local pointer variable was annotated with the __cleanup(kfree) attribute, which incorrectly causes the address of the local variable itself to be passed to kfree instead of the address returned by kmalloc. This leads to an invalid deallocation of a stack address, causing a crash.

The correct usage should have been __free(kfree) instead of __cleanup(kfree). The code compiled without error due to type compatibility, but the logic was flawed, resulting in the crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to invalid memory deallocation. Such crashes can lead to system instability, denial of service, or unexpected reboots, impacting the availability and reliability of systems running the affected kernel.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45959. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart