CVE-2026-45887
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A memory leak was found in the Linux kernel's unix_stream_connect() function for AF_UNIX sockets. When prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak.
Risk Assessment
The memory leak can lead to gradual exhaustion of system resources, potentially causing a denial of service (DoS) under prolonged operation or heavy connection creation.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix, which moves the prepare_peercred() call before unix_create1() to ensure proper resource cleanup on error.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix memleak of newsk in unix_stream_connect(). When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memory is leaked. Let's move prepare_peercred() before unix_create1().

