Skip to main content

Linux Kernel EUVDEUVD-2026-32223

| CVE-2026-45939 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-gw83-jh7x-85p6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to trigger driver initialization; no confidentiality or integrity impact, only memory exhaustion affecting availability.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 17:25 vuln.today
CVSS changed
Jun 24, 2026 - 17:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

gpib: Fix memory leak in ni_usb_init()

In ni_usb_init(), if ni_usb_setup_init() fails, the function returns -EFAULT without freeing the allocated writes buffer, leading to a memory leak.

Additionally, ni_usb_setup_init() returns 0 on failure, which causes ni_usb_init() to return -EFAULT, an inappropriate error code for this situation.

Fix the leak by freeing writes in the error path. Modify ni_usb_setup_init() to return -EINVAL on failure and propagate this error code in ni_usb_init().

AnalysisAI

Memory leak in the Linux kernel's NI USB GPIB driver allows a local low-privileged user to exhaust kernel memory by repeatedly triggering a failed initialization path. The flaw exists in ni_usb_init(), where a writes buffer is allocated but never freed when ni_usb_setup_init() returns failure, compounding the issue with an incorrect error code (-EFAULT instead of -EINVAL). No public exploit is identified at time of analysis, and EPSS sits at 0.02%, consistent with the niche hardware driver context and local-only attack surface.

Technical ContextAI

The affected code resides in the Linux kernel's GPIB (General Purpose Interface Bus) subsystem, specifically the NI (National Instruments) USB driver module. CWE-401 (Missing Release of Memory after Effective Lifetime) identifies the root cause: allocated heap memory for the writes buffer is not released in the error handling path when ni_usb_setup_init() fails. A secondary bug is that ni_usb_setup_init() returned 0 on failure, masking the error and causing ni_usb_init() to return -EFAULT rather than a semantically appropriate error code. The fix propagates -EINVAL from the setup function and adds an explicit kfree() in the error path. CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* confirms this affects the Linux kernel broadly, though the actual impact is constrained to systems running this specific GPIB USB driver.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched release: 6.18.14, 6.19.4, or 7.0 as applicable to the deployed stable branch. The upstream fix commits are available at https://git.kernel.org/stable/c/9c97fcfb7a62dea893104a046d544da8ac23370b, https://git.kernel.org/stable/c/c899d4b62c0757a280831e89c1f3801b597e8f38, and https://git.kernel.org/stable/c/b89921eed8cf2d97250bac4be38dbcfbf048b586. For systems that cannot be patched immediately, a practical compensating control is to blacklist the ni_usb_gpib kernel module (add 'blacklist ni_usb_gpib' to /etc/modprobe.d/) if the NI USB GPIB hardware is not in active use - this eliminates the attack surface entirely with no functional trade-off on systems not using this hardware. If the hardware is required, restricting physical and local user access to the system limits exposure, though with some operational inconvenience.

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-32223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy