Skip to main content

Linux Kernel EUVDEUVD-2026-32366

| CVE-2026-45900 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-4wj9-54w5-mwm9
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local kernel probe error path with no user-controlled trigger; PR:L reflects local system presence on target hardware; C:N/I:N confirmed by CWE-401 memory-leak-only impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 18:51 vuln.today
CVSS changed
Jun 24, 2026 - 16:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - fix netdev memory leak in dpaa2_caam_probe

When commit 0e1a4d427f58 ("crypto: caam: Unembed net_dev structure in dpaa2") converted embedded net_device to dynamically allocated pointers, it added cleanup in dpaa2_dpseci_disable() but missed adding cleanup in dpaa2_dpseci_free() for error paths.

This causes memory leaks when dpaa2_dpseci_dpio_setup() fails during probe due to DPIO devices not being ready yet. The kernel's deferred probe mechanism handles the retry successfully, but the netdevs allocated during the failed probe attempt are never freed, resulting in kmemleak reports showing multiple leaked netdev-related allocations all traced back to dpaa2_caam_probe().

Fix this by preserving the CPU mask of allocated netdevs during setup and using it for cleanup in dpaa2_dpseci_free(). This approach ensures that only the CPUs that actually had netdevs allocated will be cleaned up, avoiding potential issues with CPU hotplug scenarios.

AnalysisAI

Memory exhaustion vulnerability in the Linux kernel's CAAM DPAA2 crypto driver allows gradual resource depletion on systems with NXP DPAA2 hardware through unreleased per-CPU net_device allocations during failed probe retries. The regression was introduced when commit 0e1a4d427f58 converted embedded net_device structs to dynamically allocated pointers but omitted cleanup in the dpaa2_dpseci_free() error path - meaning every deferred probe retry triggered by a temporarily unavailable DPIO subsystem silently leaks netdev memory. No public exploit exists and EPSS probability is 0.02% (5th percentile), consistent with the hardware-specific, non-user-controlled nature of the defect.

Technical ContextAI

The flaw resides in drivers/crypto/caam/dpaa2_caam.c within the Linux kernel's CAAM (Cryptographic Acceleration and Assurance Module) subsystem, which provides hardware-accelerated cryptographic operations on NXP DPAA2 (Data Path Acceleration Architecture 2) SoCs - typically found in network appliances and embedded platforms. CWE-401 (Missing Release of Memory after Effective Lifetime) is the precise root cause: dpaa2_dpseci_free(), the error-path teardown function called when dpaa2_caam_probe() fails, does not release per-CPU net_device pointers allocated in dpaa2_dpseci_setup(). The cleanup code was added only to the normal-operation disable path (dpaa2_dpseci_disable()) and omitted from the error path when the DPIO (Data Path I/O) layer fails to initialize. The Linux deferred probe mechanism then retries the probe automatically, compounding the leak across retries. Affected CPE: cpe:2.3:o:linux:linux_kernel:* on DPAA2-capable hardware configurations.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel stable release: 6.12.75, 6.18.14, 6.19.4, or 7.0. The four upstream fix commits can be reviewed and cherry-picked from https://git.kernel.org/stable/c/d5c6f254528caf78d5de7d9646dc21c81d351827, https://git.kernel.org/stable/c/e144cce29851610ce9c6eda405ce21118779aa51, https://git.kernel.org/stable/c/7d43252b3060b0ba4a192dce5dba85a3f39ffe39, and https://git.kernel.org/stable/c/d7decb572b55d2af33e59e9858fcee5d9ae69175 for out-of-tree kernels. For systems that cannot be patched immediately, blacklisting the caam_dpaa2 module via a modprobe configuration entry (install caam_dpaa2 /bin/false) will prevent the leak entirely at the cost of losing hardware crypto acceleration on DPAA2 platforms - software fallback will be used instead. Operators can confirm active leakage on affected hardware by inspecting kmemleak output for allocations traced back to dpaa2_caam_probe().

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32366 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy