CVE Catalog

CVE-2026-45887

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

A memory leak was found in the Linux kernel's unix_stream_connect() function for AF_UNIX sockets. When prepare_peercred() fails, unix_release_sock() is not called for the new socket (newsk), causing a memory leak.

Risk Assessment

The memory leak can lead to gradual exhaustion of system resources, potentially causing a denial of service (DoS) under prolonged operation or heavy connection creation.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix, which moves the prepare_peercred() call before unix_create1() to ensure proper resource cleanup on error.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix memleak of newsk in unix_stream_connect(). When prepare_peercred() fails in unix_stream_connect(), unix_release_sock() is not called for newsk, and the memory is leaked. Let's move prepare_peercred() before unix_create1().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS