CVE-2026-45928
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that leads to a memory leak on codec_info allocation failure. The functions wave5_vpu_open_enc() and wave5_vpu_open_dec() do not free the previously allocated instance, resulting in a memory leak.
Risk Assessment
Organizations may experience performance issues due to memory leaks, which can lead to instability in applications and operating systems.
Recommendation
It is recommended to update the Linux kernel to a version that includes the fix for this issue to prevent memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix memory leak on codec_info allocation failure In wave5_vpu_open_enc() and wave5_vpu_open_dec(), a vpu instance is allocated via kzalloc(). If the subsequent allocation for inst->codec_info fails, the functions return -ENOMEM without freeing the previously allocated instance, causing a memory leak. Fix this by calling kfree() on the instance in this error path to ensure it is properly released.

