Skip to main content

Linux Kernel CVE-2026-45887

| EUVDEUVD-2026-32353 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-c5xh-c73j-mcx2
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local attack vector and PR:L confirmed because only an authenticated local user can initiate UNIX domain socket connections; impact is availability-only as the flaw causes kernel memory exhaustion with no data exposure or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:30 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Fix memleak of newsk in unix_stream_connect().

When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memory is leaked.

Let's move prepare_peercred() before unix_create1().

AnalysisAI

Memory leak in the Linux kernel's af_unix subsystem allows a local low-privileged user to exhaust kernel memory by repeatedly triggering a failure path in unix_stream_connect(). When prepare_peercred() fails after unix_create1() has already allocated a new socket object (newsk), the error path omits the required unix_release_sock() call, leaving kernel memory permanently unreleased. No public exploit has been identified at time of analysis; EPSS at 0.02% (4th percentile) reflects negligible widespread exploitation likelihood, consistent with the local-only attack vector.

Technical ContextAI

The vulnerability resides in the af_unix UNIX domain socket subsystem of the Linux kernel, specifically in the unix_stream_connect() function path. CWE-401 (Missing Release of Memory after Effective Lifetime) describes the root cause: unix_create1() allocates a new peer socket (newsk) before prepare_peercred() is called to set up credential state; if prepare_peercred() returns an error, the error-handling branch does not invoke unix_release_sock() to free the already-allocated socket object, producing a permanent kernel heap memory leak. The upstream fix relocates the prepare_peercred() call to before unix_create1() so that a credential failure exits cleanly without any socket object having been allocated. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, spanning all builds from the introducing commit fd0a109a0f6b7524543d17520da92a44a9f5343c up to the respective stable-branch fix commits.

RemediationAI

Upgrade the Linux kernel to a patched version: 6.18.14, 6.19.4, or 7.0, as confirmed by EUVD-2026-32353. The three upstream stable fix commits are available at https://git.kernel.org/stable/c/365996a2b14d07caa9e33d367b67ea26c09d89b4, https://git.kernel.org/stable/c/a5d95d7caba0160fb7b2b8d2bd96d5a1be861d9f, and https://git.kernel.org/stable/c/6884028cd7f275f8bcb854a347265cb1fb0e4bea. Enterprise Linux distributions (RHEL, SUSE, Debian, Ubuntu) are expected to backport this fix to their respective long-term support kernels; consult vendor-specific errata for patched package builds. If an immediate kernel upgrade is not possible, restricting untrusted local user access to UNIX domain socket creation via seccomp-bpf profiles or network namespace isolation can limit the exploitable attack surface, with the trade-off that applications relying on UNIX sockets in those namespaces will be affected. Monitoring kernel slab memory growth (via /proc/slabinfo or slabtop) can help detect active leak accumulation until patching is completed.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45887 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy