CVE-2026-45921
Published May 27, 2026
Modified May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse() The function mtd_parser_tplink_safeloader_parse() allocates buf via mtd_parser_tplink_safeloader_read_table(). If the allocation for parts[idx].name fails inside the loop, the code jumps to the err_free label without freeing buf, leading to a memory leak. Fix this by freeing the temporary buffer buf in the err_free label. Compile tested only. Issue found using a prototype static analysis tool and code review.
References
Other References
https://git.kernel.org/stable/c/0f5e62ea5c43146eacdc6861cb1022ffae1b79bc
https://git.kernel.org/stable/c/971e9c53aed82f17a9c6a65daa4e21cc15eba5b1
https://git.kernel.org/stable/c/980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b
https://git.kernel.org/stable/c/e97f5fac8ce9a6b9ec724c97d86b0985e915fdca
https://git.kernel.org/stable/c/ec121ad626c319085f6d40a52cd04e99b4554926
Frequently Asked Questions
What is CVE-2026-45921? +
In the Linux kernel, the following vulnerability has been resolved:
mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
The function mtd_parser_tplink_safeloader_parse() allocates buf via
mtd_parser_tplink_safeloader_read_table(). If the allocation for
parts[idx].name fails inside the loop, the code jumps to the err_free
label without freeing buf, leading to a memory leak.
Fix this by freeing the temporary buffer buf in the err_free label.
Compile tested only. Issue found using a prototype static analysis tool
and code review.
How do I check if I'm vulnerable to CVE-2026-45921? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.