CVE-2026-45928

Source
https://cve.org/CVERecord?id=CVE-2026-45928
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45928.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45928
Downstream
Published
2026-05-27T12:17:47.075Z
Modified
2026-06-27T11:55:37.496545144Z
Summary
media: chips-media: wave5: Fix memory leak on codec_info allocation failure
Details

In the Linux kernel, the following vulnerability has been resolved:

media: chips-media: wave5: Fix memory leak on codec_info allocation failure

In wave5vpuopenenc() and wave5vpuopendec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak.

Fix this by calling kfree() on the instance in this error path to ensure it is properly released.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45928.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9707a6254a8a6b978bde811a44fe07d86c229d1c
Fixed
52defdd4034db1a34bb48006f889d66a3629224b
Fixed
1de71556cbd6e1d0d26fb86b9b3bb8caa0df8495
Fixed
32e9e45cf7e3422d21fa64535588d3572faf71c3
Fixed
a519e21e32398459ba357e67b541402f7295ee1b

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45928.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45928.json"