Skip to main content

Linux Kernel CVE-2026-45872

| EUVDEUVD-2026-32338 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-8frc-mrh9-rmfg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access and low privileges required to reach driver error paths; availability-only impact from kernel memory exhaustion with no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:14 vuln.today
CVSS changed
Jun 25, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

pqi_report_phys_luns() fails to release the rpl_list buffer when encountering an unsupported data format or when the allocation for rpl_16byte_wwid_list fails. These early returns bypass the cleanup logic, leading to memory leaks.

Consolidate the error handling by adding an out_free_rpl_list label and use goto statements to ensure rpl_list is consistently freed on failure.

Compile tested only. Issue found using a prototype static analysis tool and code review.

AnalysisAI

Memory exhaustion denial-of-service in the Linux kernel smartpqi SCSI driver allows a local user to degrade system availability through kernel memory leak accumulation. The vulnerability exists in pqi_report_phys_luns(), which fails to release the rpl_list buffer on two distinct error paths - unsupported data format detection and rpl_16byte_wwid_list allocation failure - both of which bypass cleanup logic. No public exploit exists and EPSS sits at 0.02% (7th percentile), but systems running Microsemi/PMC-Sierra SmartPQI RAID controllers on unpatched kernels are at risk of gradual availability degradation.

Technical ContextAI

The affected component is the Linux kernel's smartpqi driver (drivers/scsi/smartpqi/), which manages Microsemi (formerly PMC-Sierra) SmartPQI RAID controllers. The root cause is CWE-401 (Missing Release of Memory after Effective Lifetime): pqi_report_phys_luns() allocates an rpl_list buffer via kernel memory allocation, then has two early-return code paths that exit without freeing this buffer - one triggered by an unsupported LUN data format, and another triggered by a failed allocation of the derived rpl_16byte_wwid_list. The fix consolidates these exits through a single 'out_free_rpl_list' cleanup label using goto, a standard Linux kernel error-handling idiom. The CPE cpe:2.3:o:linux:linux_kernel confirms the vulnerability is in the mainline Linux kernel tree introduced at commit 28ca6d876c5a375094847606046e0bf5d044d9b4. The 'Information Disclosure' tag in the source data appears inconsistent with both the CVE description and the CVSS C:N metric - no confidentiality impact is documented.

RemediationAI

Apply the upstream stable kernel patches available via the Linux stable tree at https://git.kernel.org/stable/c/41b37312bd9722af77ec7817ccf22d7a4880c289, https://git.kernel.org/stable/c/454570434114e4862767f506a442a0f110b639b2, https://git.kernel.org/stable/c/d52e13122d3771f753dd73ae6512fa01f58015cb, https://git.kernel.org/stable/c/e5579ebaadc7b699868dad0f591a7bf83cd647e1, https://git.kernel.org/stable/c/f471ecfec093e39ef8fd08978413793087daa14d, and https://git.kernel.org/stable/c/fdf1188cfa80f88c9f18d58cb33d57ff40e70e26. Upgrade to patched kernel versions 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 as appropriate for your stable branch. For systems where a kernel update is not immediately feasible and where the smartpqi hardware is not in active use, blacklisting the smartpqi kernel module ('echo blacklist smartpqi >> /etc/modprobe.d/blacklist.conf') prevents the driver from loading, eliminating the attack surface entirely - note this will make SmartPQI-managed storage inaccessible. No workaround is appropriate for systems actively depending on the controller. Monitor downstream distribution advisories (Red Hat, Debian, Ubuntu, SUSE) for packaged updates.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-45872 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy