What is GHSA-j7ww-q9c4-9hxg?

GHSA-j7ww-q9c4-9hxg is a security advisory published by GitHub Security Advisories with unknown severity. In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix...

Which CVE IDs does GHSA-j7ww-q9c4-9hxg cover?

GHSA-j7ww-q9c4-9hxg covers the following CVE IDs: CVE-2026-45950. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-j7ww-q9c4-9hxgunknown

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Fix...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-45950 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Fix memory leak in starfive_aes_aead_do_one_req()

The starfive_aes_aead_do_one_req() function allocates rctx->adata with kzalloc() but fails to free it if sg_copy_to_buffer() or starfive_aes_hw_init() fails, which lead to memory leaks.

Since rctx->adata is unconditionally freed after the write_adata operations, ensure consistent cleanup by freeing the allocation in these earlier error paths as well.

Compile tested only. Issue found using a prototype static analysis tool and code review.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-45950
https://git.kernel.org/stable/c/38d80307decc1132626a30e2a62af734630ecca5
https://git.kernel.org/stable/c/4869d0e4e48a5301b267d359b2561c4080791a55
https://git.kernel.org/stable/c/5f2c964a058581e1557c32d5de651c67a80438a7
https://git.kernel.org/stable/c/ccb679fdae2e62ed92fd9acb25ed809c0226fcc6
https://github.com/advisories/GHSA-j7ww-q9c4-9hxg