Skip to main content

Linux Kernel CVE-2026-45921

| EUVDEUVD-2026-32387 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-4mx2-9f8m-cpmr
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

AC raised to H because exploitation requires inducing a kernel allocation failure during MTD parsing, not a directly controllable condition for a local user.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 17:41 vuln.today
CVSS changed
Jun 24, 2026 - 17:38 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()

The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_read_table(). If the allocation for parts[idx].name fails inside the loop, the code jumps to the err_free label without freeing buf, leading to a memory leak.

Fix this by freeing the temporary buffer buf in the err_free label.

Compile tested only. Issue found using a prototype static analysis tool and code review.

AnalysisAI

Memory leak in the Linux kernel's MTD TP-Link SafeLoader partition parser allows a local low-privileged user to cause availability degradation on affected embedded systems. The mtd_parser_tplink_safeloader_parse() function omits freeing a temporary buffer buf on the error path when a subsequent kmalloc() for parts[idx].name fails inside the parsing loop. No public exploit exists and EPSS is negligible at 0.02% (5th percentile); this vulnerability was identified via static analysis and code review, not observed exploitation.

Technical ContextAI

The flaw resides in the Linux kernel's Memory Technology Device (MTD) subsystem, specifically the TP-Link SafeLoader partition table parser (drivers/mtd/parsers/tplink_safeloader.c). CWE-401 (Missing Release of Memory after Effective Lifetime) applies: mtd_parser_tplink_safeloader_read_table() allocates a temporary buffer buf to hold raw partition table data read from MTD flash. Inside the subsequent parsing loop, if the kmalloc() call for parts[idx].name fails, control jumps to the err_free error label, which cleans up parts but omits kfree(buf). The fix adds the missing kfree(buf) to that label. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* across multiple stable branches from introducing commit 00a3588084bee6f37bb2b1d343f96900cfe049bc onward. Note: the input data tags this as 'Information Disclosure', which conflicts with the CVSS vector (C:N) and CWE-401 classification - the actual impact is availability (memory exhaustion), not confidentiality.

RemediationAI

Upgrade to a patched Linux kernel version: 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0, as confirmed by EUVD-2026-32387. Individual stable-branch commits are available at git.kernel.org (see references for the five commit hashes). For embedded Linux distributions (OpenWrt, vendor-supplied router firmware), apply the corresponding stable patch or await an upstream vendor firmware release. No workaround is needed for general-purpose Linux deployments - servers, desktops, containers, and cloud VMs do not load the TP-Link SafeLoader MTD parser under normal conditions, as no TP-Link-format MTD flash is present. For embedded deployments where patching is infeasible, restricting local shell access to the device reduces exposure but does not eliminate the underlying flaw.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45921 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy