CVE-2026-45959 Linux CVE debrief

Who should care

Linux system administrators running kernels with AMD CCP cryptographic acceleration enabled; security teams tracking kernel memory safety issues; organizations relying on hardware crypto offload on AMD platforms

Technical summary

The vulnerability exists in the AMD CCP (Cryptographic Coprocessor Platform) driver within the Linux kernel's crypto subsystem. A local pointer variable annotated with `__cleanup(kfree)` causes the compiler-generated cleanup code to pass the address of the local variable (on the stack) to kfree, rather than the heap address stored in that variable. This occurs because `__cleanup` passes the address of the annotated variable, and kfree's `void *` parameter type accepts the `struct ** ` type without complaint. The `__free(kfree)` attribute is the correct alternative, as it dereferences the pointer to obtain the actual allocated address. The code compiled successfully due to type compatibility between `void *` and the pointer-to-pointer type, masking the error until runtime crash.

Defensive priority

medium

Recommended defensive actions

• Review Linux kernel configurations to identify systems using the AMD CCP crypto driver (CONFIG_CRYPTO_DEV_CCP)
• Apply kernel updates containing the referenced stable commits when available from distribution maintainers
• Monitor vendor security advisories for kernel package updates addressing this issue
• Consider disabling AMD CCP hardware acceleration temporarily if crash conditions are observed and patches are unavailable, accepting potential performance impact

Evidence notes

The CVE description and kernel.org commit references confirm the vulnerability is a coding error in cleanup attribute usage within the crypto/ccp driver. The fix involves changing `__cleanup(kfree)` to `__free(kfree)` to ensure proper heap memory deallocation. No CVSS score or severity has been assigned by NVD as of the modified date.

Official resources