CVE-2026-45928 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix memory leak on codec_info allocation failure

In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is
allocated via kzalloc(). If the subsequent allocation for inst->codec_info
fails, the functions return -ENOMEM without freeing the previously
allocated instance, causing a memory leak.

Fix this by calling kfree() on the instance in this error path to ensure
it is properly released.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 52defdd4034db1a34bb48006f889d66a3629224b
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< 32e9e45cf7e3422d21fa64535588d3572faf71c3
`9707a6254a8a6b978bde811a44fe07d86c229d1c`	affected	< a519e21e32398459ba357e67b541402f7295ee1b

Linux

affected

Version	Status	Constraints
`6.8`	affected	—
`0`	unaffected	< 6.8
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495
https://git.kernel.org/stable/c/32e9e45cf7e3422d21fa64535588d3572faf71c3
https://git.kernel.org/stable/c/52defdd4034db1a34bb48006f889d66a3629224b
https://git.kernel.org/stable/c/a519e21e32398459ba357e67b541402f7295ee1b

History

Wed, 27 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-399

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak. Fix this by calling kfree() on the instance in this error path to ensure it is properly released.
Title		media: chips-media: wave5: Fix memory leak on codec_info allocation failure
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495 https://git.kernel.org/stable/c/32e9e45cf7e3422d21fa64535588d3572faf71c3 https://git.kernel.org/stable/c/52defdd4034db1a34bb48006f889d66a3629224b https://git.kernel.org/stable/c/a519e21e32398459ba357e67b541402f7295ee1b

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:17:47.075Z

Updated: 2026-05-27T12:17:47.075Z

Reserved: 2026-05-13T15:03:33.086Z

Link: CVE-2026-45928

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:08.707

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45928

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T19:45:40Z

Weaknesses

CWE-399

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object