PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45863 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's DesignWare I3C master driver. The dw_i3c_master_i2c_xfers() function allocates memory for an xfer structure using dw_i3c_master_alloc_xfer(), but if pm_runtime_resume_and_get() fails, the function returns without freeing the allocated memory. This results in a memory leak on the error path. The fix adds a dw_i3c_master_free_xfer() call to properly release the allocated memory when the runtime power management operation fails. The vulnerability was identified through prototype static analysis tooling and code review, with the fix being compile-tested only.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

Linux kernel maintainers, embedded systems developers using I3C/DesignWare controllers, and organizations running Linux on hardware with I3C bus support should prioritize this fix to prevent memory exhaustion in long-running systems.

Technical summary

The DesignWare I3C master driver in the Linux kernel contains a memory leak in dw_i3c_master_i2c_xfers(). Memory allocated via dw_i3c_master_alloc_xfer() is not freed if pm_runtime_resume_and_get() returns an error, causing resource exhaustion on repeated error conditions. The fix adds proper cleanup via dw_i3c_master_free_xfer() on the error path.

Defensive priority

medium

Recommended defensive actions

  • Review Linux kernel I3C DesignWare driver configurations in your environment
  • Apply kernel updates when available from your distribution
  • Monitor for stable kernel releases containing the referenced commits
  • Consider runtime memory leak detection tools for kernel driver validation

Evidence notes

The vulnerability description indicates this was found using a prototype static analysis tool and code review, with compile testing only performed on the fix. The issue affects the DesignWare I3C master driver in the Linux kernel. Multiple stable kernel branch fixes are referenced in the source data.

Official resources

2026-05-27