CVE-2026-45881 Linux CVE debrief

Who should care

Organizations running Linux systems with MediaTek SoCs utilizing the SVS (Smart Voltage Scaling) driver, particularly those with debug interfaces exposed. Kernel maintainers and embedded Linux developers working with MediaTek platforms should prioritize this fix.

Technical summary

The svs_enable_debug_write() function in drivers/soc/mediatek/mtk-svs.c allocates memory using memdup_user_nul() to copy user-provided debug data. If the subsequent kstrtoint() call fails to parse an integer from this buffer, the function returns early without freeing the allocated memory, resulting in a leak. The resolution adds the __free(kfree) attribute to the buffer declaration, enabling automatic cleanup when the variable goes out of scope regardless of exit path. This pattern eliminates explicit kfree() calls and prevents similar leaks from future code modifications. The fix also required adding cleanup.h header inclusion.

Defensive priority

low

Recommended defensive actions

• Review kernel version and confirm if MediaTek SVS driver is enabled
• Apply kernel updates containing the referenced stable commits when available
• Monitor for kernel memory usage anomalies on affected systems
• Consider disabling SVS debug interfaces if not required for operations

Evidence notes

The vulnerability description indicates a memory leak in svs_enable_debug_write() within the MediaTek SVS driver. The fix uses __free(kfree) for automatic cleanup. Multiple stable kernel commits are referenced, suggesting backports to various kernel versions. No CVSS score or severity rating is currently assigned by NVD (status: Awaiting Analysis).

Official resources