Skip to main content

Linux Kernel CVE-2026-45954

| EUVDEUVD-2026-32238 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-7w99-2x38-38jp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local driver probe path requires low-privilege local access; no network vector; only availability impact via memory exhaustion; no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 02:39 vuln.today
CVSS changed
Jun 16, 2026 - 02:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()

In au1200fb_drv_probe(), when platform_get_irq fails(), it directly returns from the function with an error code, which causes a memory leak.

Replace it with a goto label to ensure proper cleanup.

AnalysisAI

Memory leak in Linux kernel's fbdev au1200fb framebuffer driver causes resource exhaustion when the probe function encounters IRQ allocation failure. The vulnerability exists in au1200fb_drv_probe() within the au1200fb driver: when platform_get_irq() returns an error, the function returns immediately without releasing previously allocated memory, leading to kernel heap exhaustion over time. Local attackers or repeated probe failures (e.g., via hotplug events on affected MIPS-based Alchemy hardware) can deplete kernel memory, resulting in denial of service. No public exploit has been identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms negligible exploitation interest.

Technical ContextAI

The affected code is in the Linux kernel's fbdev (framebuffer device) subsystem, specifically the au1200fb driver targeting AMD/ATI Alchemy au1200 SoC hardware (MIPS architecture). The driver's probe function au1200fb_drv_probe() allocates kernel memory prior to calling platform_get_irq(). When that IRQ lookup fails, the original code returned directly with an error code, bypassing any cleanup path. CWE-401 (Missing Release of Memory after Effective Lifetime) precisely describes this pattern: memory is successfully allocated but the failure branch exits the function without invoking the corresponding deallocation routines (kfree/devm_kfree). The fix replaces the bare return with a goto that routes control to a cleanup label. Affected CPE: cpe:2.3:o:linux:linux_kernel across multiple stable series from 4.14 through 6.19 and 7.0.

RemediationAI

Apply the vendor-released kernel patch for the appropriate stable series: upgrade to 5.10.252 or later for the 5.10.x series, 5.15.202 or later for 5.15.x, 6.1.165 or later for 6.1.x, 6.6.128 or later for 6.6.x, 6.12.75 or later for 6.12.x, 6.18.14 or later for 6.18.x, 6.19.4 or later for 6.19.x, or 7.0 for the mainline series. Patch commits are referenced at https://git.kernel.org/stable/c/071d8fb757a8318f72c8e02898c2cf7e14e21fb6 and related stable-tree commits. As a compensating control where patching is not immediately feasible, the au1200fb kernel module can be blacklisted (add 'blacklist au1200fb' to /etc/modprobe.d/blacklist.conf) if framebuffer support on Alchemy hardware is not required - this prevents the probe function from executing entirely. Trade-off: framebuffer console and display output on affected hardware will be unavailable. Given the hardware-specific scope, most general-purpose Linux deployments are unaffected and no action is required.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-45954 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy