Skip to main content

Linux Kernel CVE-2026-45881

| EUVDEUVD-2026-32347 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-863v-gcwh-wp4v
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.4 MEDIUM

Debugfs write access requires root/CAP_SYS_ADMIN in default configurations, warranting PR:H over NVD-assigned PR:L; no confidentiality or integrity impact applies.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
4.4 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:29 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()

In svs_enable_debug_write(), the buf allocated by memdup_user_nul() is leaked if kstrtoint() fails.

Fix this by using __free(kfree) to automatically free buf, eliminating the need for explicit kfree() calls and preventing leaks.

[Angelo: Added missing cleanup.h inclusion]

AnalysisAI

Memory exhaustion via the MediaTek SVS (Smart Voltage Scaling) debugfs interface in the Linux kernel allows a local attacker with low privileges to leak kernel memory on MediaTek SoC-based systems. The root cause is that svs_enable_debug_write() allocates a buffer via memdup_user_nul() to copy user-supplied input, but fails to free it when the subsequent kstrtoint() call rejects non-integer input - a classic CWE-401 missing-release flaw. No public exploit has been identified and EPSS is 0.02% (7th percentile), making this a low-urgency, patch-when-convenient issue for the narrow device population running affected MediaTek SoC kernels.

Technical ContextAI

The affected code resides in drivers/soc/mediatek/mtk-svs.c, specifically the svs_enable_debug_write() function which services writes to a debugfs entry for the MediaTek Smart Voltage Scaling (SVS) power management subsystem. SVS is a SoC-level voltage regulation framework found on MediaTek Helio and Dimensity chipsets. The function uses memdup_user_nul() to safely copy and null-terminate a user-space buffer, then passes it to kstrtoint() for integer conversion. CWE-401 (Missing Release of Memory after Effective Lifetime) manifests here because only the success path freed the buffer; any parse error by kstrtoint() returns early without calling kfree(). The fix adopts the __free(kfree) GCC/Clang scope-based cleanup attribute, which guarantees kfree() is invoked at all exit paths, eliminating the need for explicit error-path cleanup. CPE: cpe:2.3:o:linux:linux_kernel.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel stable release: 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0, per the EUVD-2026-32347 advisory. Patch commits are published at the kernel stable tree (https://git.kernel.org/stable/c/06195456c4e4de3826c4ca60eca941c472f991d0 and the five associated commits). Distributions shipping affected kernels should apply upstream stable-tree updates through their normal patch processes. As a compensating control where patching is delayed, administrators can restrict write access to the MediaTek SVS debugfs node by ensuring debugfs is mounted with restrictive permissions (debugfs -o uid=0,gid=0,mode=700) or by unmounting debugfs entirely in production environments where kernel debugging is not needed - note this will disable all debugfs-based tooling. Disabling CONFIG_MTK_SVS at build time entirely eliminates the attack surface on systems that do not need MediaTek voltage scaling, at the cost of potential power management regression on affected SoCs.

CVE-2017-3216 CRITICAL POC
9.8 Jun 20

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypa

CVE-2019-15027 CRITICAL POC
9.8 Aug 14

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows atta

CVE-2016-6492 HIGH POC
7.8 Jan 12

The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges

CVE-2021-37584 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected

CVE-2021-37583 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rat

CVE-2021-37571 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rat

CVE-2021-37569 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rat

CVE-2021-37568 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rat

CVE-2021-37566 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rat

CVE-2021-37563 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected

CVE-2021-37561 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected

CVE-2021-37560 HIGH
8.8 Dec 26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45881 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy