Skip to main content

Linux Kernel CVE-2026-45986

| EUVDEUVD-2026-32282 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-xr73-pf2q-ff9g
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to invoke the ccree crypto API; hardware dependency and local-only vector confirm AV:L/PR:L; no confidentiality or integrity impact from a memory leak.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 14:08 vuln.today
CVSS changed
Jun 16, 2026 - 14:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccree - fix a memory leak in cc_mac_digest()

Add cc_unmap_result() if cc_map_hash_request_final() fails to prevent potential memory leak.

AnalysisAI

Memory exhaustion in the Linux kernel's ccree (ARM CryptoCell) driver allows a local low-privileged user to cause a denial of service by repeatedly triggering an error path in cc_mac_digest() that fails to release mapped memory. The vulnerability exists because cc_unmap_result() is not called when cc_map_hash_request_final() returns an error, causing each failed MAC digest operation to leak kernel memory. No active exploitation is confirmed; EPSS is 0.02% at the 5th percentile, consistent with a low-severity, hardware-specific kernel maintenance fix. The 'Information Disclosure' tag in the source data is inconsistent with the CVSS vector (C:N) and description - impact is availability-only.

Technical ContextAI

The ccree driver (drivers/crypto/ccree/) provides kernel-space support for hardware-accelerated cryptography via the ARM TrustZone CryptoCell IP block, found in certain ARM SoCs used in embedded, mobile, and IoT platforms. The cc_mac_digest() function orchestrates a MAC (Message Authentication Code) operation by mapping input/output DMA buffers and submitting hardware requests. CWE-401 (Missing Release of Memory after Effective Lifetime) applies here: when cc_map_hash_request_final() encounters an error and returns early, the code path does not invoke cc_unmap_result() to release the previously allocated result buffer mapping, leaving it permanently leaked in kernel address space. On systems without CryptoCell hardware or with the ccree module not loaded, this code path is entirely unreachable. The CPE confirms the affected product as cpe:2.3:o:linux:linux_kernel across multiple stable branches, introduced at commit 63893811b0fcb52f6eaf9811cc08bddd46f81c3e (Linux 4.17).

RemediationAI

Update the Linux kernel to one of the patched stable releases: 6.6.140, 6.12.86, 6.18.27, 7.0.4, or apply the 7.1-rc1 mainline patch. Branch-specific fix commits are available at git.kernel.org: 3061c9bfb3f5 (6.6.x), 502440c235fe (6.12.x), 22f1dd4ca3bf (6.18.x), 02c64052fad0 (7.0.x), and 910f335786a0 / 7c21d58fcd6a / 7cd17993adb8 / f53458c7c756 for other branches. If immediate patching is not feasible and CryptoCell hardware acceleration is not required by the workload, unloading or blacklisting the ccree module (echo 'blacklist ccree' >> /etc/modprobe.d/blacklist.conf) eliminates exposure entirely; the trade-off is loss of hardware-accelerated crypto operations, falling back to software implementations. No other targeted workaround is applicable for systems that must use the ccree driver.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-45986 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy