PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45887 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's AF_UNIX socket implementation. Specifically, in the `unix_stream_connect()` function, when `prepare_peercred()` fails, the newly created socket (`newsk`) is not properly released via `unix_release_sock()`, resulting in a memory leak. The fix reorders operations to call `prepare_peercred()` before `unix_create1()`, ensuring that credential preparation failures occur before socket allocation, thus preventing the leak.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-06-25
Advisory published
2026-05-27
Advisory updated
2026-06-25

Who should care

Linux system administrators, kernel maintainers, and security teams responsible for kernel patch management and memory-constrained environments

Technical summary

The vulnerability is a memory leak in the Linux kernel's AF_UNIX socket subsystem. In `unix_stream_connect()`, if `prepare_peercred()` fails after `unix_create1()` has allocated a new socket (`newsk`), the error handling path does not call `unix_release_sock()` to free the allocated socket structure. The resolution moves `prepare_peercred()` to execute before `unix_create1()`, ensuring that credential-related failures occur prior to socket allocation and eliminating the leak condition.

Defensive priority

medium

Recommended defensive actions

  • Review Linux kernel versions in use and apply stable kernel updates containing the referenced commits
  • Monitor vendor security advisories for distribution-specific kernel packages
  • Assess systems utilizing AF_UNIX stream sockets for potential memory pressure impacts
  • Verify kernel update deployment through standard patch management workflows

Evidence notes

The vulnerability description and resolution are sourced from the official CVE record published 2026-05-27. The fix involves reordering function calls in `unix_stream_connect()` to prevent memory leak on `prepare_peercred()` failure. Three kernel.org stable tree commits are referenced as source material.

Official resources

2026-05-27