media: chips-media: wave5: Fix memory leak on codec_info allocation failure

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-45928
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 14:17:08 UTC
Updated2026-05-27 14:48:03 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak. Fix this by calling kfree() on the instance in this error path to ensure it is properly released.

Risk And Classification

EPSS: 0.000180000 probability, percentile 0.048460000 (date 2026-06-01)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 9707a6254a8a6b978bde811a44fe07d86c229d1c 52defdd4034db1a34bb48006f889d66a3629224b git Not specified
CNA Linux Linux affected 9707a6254a8a6b978bde811a44fe07d86c229d1c 1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495 git Not specified
CNA Linux Linux affected 9707a6254a8a6b978bde811a44fe07d86c229d1c 32e9e45cf7e3422d21fa64535588d3572faf71c3 git Not specified
CNA Linux Linux affected 9707a6254a8a6b978bde811a44fe07d86c229d1c a519e21e32398459ba357e67b541402f7295ee1b git Not specified
CNA Linux Linux affected 6.8 Not specified
CNA Linux Linux unaffected 6.8 semver Not specified
CNA Linux Linux unaffected 6.12.75 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.14 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.4 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/52defdd4034db1a34bb48006f889d66a3629224b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/a519e21e32398459ba357e67b541402f7295ee1b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/32e9e45cf7e3422d21fa64535588d3572faf71c3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report