What is GHSA-6j4x-6364-q9p3?

GHSA-6j4x-6364-q9p3 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash...

Which CVE IDs does GHSA-6j4x-6364-q9p3 cover?

GHSA-6j4x-6364-q9p3 covers the following CVE IDs: CVE-2026-45959. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-6j4x-6364-q9p3?

GHSA-6j4x-6364-q9p3 has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-6j4x-6364-q9p3HighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-45959 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the kmalloc-family functions, with the __cleanup(kfree) attribute will make the address of the local variable, rather than the address returned by kmalloc, passed to kfree directly and lead to a crash due to invalid deallocation of stack address. According to other places in the repo, the correct usage should be __free(kfree). The code coincidentally compiled because the parameter type void * of kfree is compatible with the desired type struct { ... } **.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-45959
https://git.kernel.org/stable/c/90f9090e3e744a8fe3bb6fa0e61f577347728b0b
https://git.kernel.org/stable/c/9a3ace9b010ffd8c422c97844ae152f7c53d6b18
https://git.kernel.org/stable/c/d5abcc33ee76bc26d58b39dc1a097e43a99dd438
https://github.com/advisories/GHSA-6j4x-6364-q9p3