PatchSiren cyber security CVE debrief
CVE-2026-45921 Linux CVE debrief
A memory leak vulnerability exists in the Linux kernel's MTD (Memory Technology Device) parser subsystem, specifically within the TP-Link Safeloader parser. The function `mtd_parser_tplink_safeloader_parse()` allocates a buffer via `mtd_parser_tplink_safeloader_read_table()`. If a subsequent allocation for `parts[idx].name` fails during loop iteration, the error handling path jumps to the `err_free` label without releasing the previously allocated buffer, resulting in a memory leak. The fix adds proper deallocation of the temporary buffer at the `err_free` label. This vulnerability was identified through prototype static analysis tooling and code review, with the fix compile-tested only. The issue affects kernel-level MTD parsing functionality used in TP-Link device firmware handling.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Embedded Linux developers maintaining systems with TP-Link networking equipment; firmware security teams; kernel maintainers for long-term support distributions
Technical summary
The vulnerability resides in `drivers/mtd/parsers/tplink_safeloader.c`. The parser reads partition tables from TP-Link Safeloader firmware images. The buffer `buf` allocated by `mtd_parser_tplink_safeloader_read_table()` is not freed when `kstrdup()` allocation for partition names fails, causing a memory leak in error paths. The fix adds `kfree(buf)` to the `err_free` cleanup label. Multiple stable kernel branches received backports of this fix.
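The error path described above, modelled in user-space C as an added example (not the kernel source or the upstream patch). The helpers `xalloc`, `xfree`, `name_dup` and `parse`, the `fixed` flag and the partition names are assumptions made for the illustration; `name_dup` stands in for `kstrdup()` and a counter stands in for a leak detector.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* live: outstanding allocations; fail_at: Nth name_dup() call fails (0 = never) */
static int live, dup_calls, fail_at;
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }
/* Stand-in for kstrdup() with fault injection. */
static char *name_dup(const char *s)
{
    char *p = (fail_at && ++dup_calls == fail_at) ? NULL : xalloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* fixed=0 models the pre-fix error path, fixed=1 the patched one. */
static int parse(const char *const *names, int n, int fixed)
{
    char *buf = xalloc(64);                    /* models the table buffer */
    char **parts = xalloc(n * sizeof(*parts));
    int idx;
    if (!buf || !parts) { xfree(parts); xfree(buf); return -1; }
    for (idx = 0; idx < n; idx++)
        if (!(parts[idx] = name_dup(names[idx])))
            goto err_free;
    xfree(buf);                      /* assumed: success path releases buf */
    while (idx--) xfree(parts[idx]); /* model only: a real caller keeps parts */
    xfree(parts);
    return 0;
err_free:
    while (idx--) xfree(parts[idx]); /* names duplicated before the failure */
    xfree(parts);
    if (fixed) xfree(buf);           /* the release the fix adds at err_free */
    return -1;
}

/* Fail the second name allocation; return allocations still outstanding. */
int leaked_after_failure(int fixed)
{
    static const char *const names[] = { "part-a", "part-b", "part-c" }; /* constructed */
    live = dup_calls = 0; fail_at = 2;
    parse(names, 3, fixed);
    return live;
}

int main(void)
{
    printf("pre-fix leaked=%d fixed leaked=%d\n", leaked_after_failure(0), leaked_after_failure(1));
    return 0;
}
```

The same fault-injection idea applies when reviewing other parsers: force each allocation in a loop to fail in turn and check that every earlier allocation is released on the shared cleanup label.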
Defensive priority
low
Recommended defensive actions
- Review kernel MTD parser configurations on embedded Linux systems utilizing TP-Link Safeloader firmware parsing
- Apply stable kernel updates containing commits ec121ad626c319085f6d40a52cd04e99b4554926, e97f5fac8ce9a6b9ec724c97d86b0985e915fdca, 980ce2b02dd06a4fdf5fee38b2e14becf9cf7b8b, 971e9c53aed82f17a9c6a65daa4e21cc15eba5b1, or 0f
- Monitor NVD for CVSS score assignment and updated severity rating
- Assess embedded device exposure to TP-Link Safeloader firmware parsing paths
Evidence notes
Vulnerability description sourced from official CVE record published 2026-05-27. Fix commits identified in kernel.org stable tree. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). Vendor attribution marked low confidence based on reference domain analysis; kernel-level issue affects Linux MTD subsystem.
Official resources
- CVE-2026-45921 CVE record (CVE.org)
- CVE-2026-45921 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
2026-05-27