Skip to main content

Linux Kernel CVE-2026-46030

| EUVDEUVD-2026-32411 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-97vh-qvrh-cxxq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only driver probe trigger requires low-privilege account on hardware-specific platform; no confidentiality or integrity impact, only gradual availability loss from memory exhaustion.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 20:01 vuln.today
CVSS changed
Jun 16, 2026 - 17:52 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device_node leak in mc_probe()

of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never freed r5_core_node on any exit path, causing a memory leak.

Fix this by using the automatic cleanup attribute __free(device_node) which ensures of_node_put() is called when the variable goes out of scope.

AnalysisAI

Memory leak in the Linux kernel's EDAC/versalnet driver (mc_probe()) results in unreleased device_node references, enabling local low-privileged users to cause kernel memory exhaustion and availability degradation on AMD/Xilinx Versal SoC systems. The root cause is a missing of_node_put() call on all exit paths of mc_probe(), with the fix applied across stable branches including 6.18.27 and 7.0.4. No public exploit or CISA KEV listing exists, and EPSS sits at 0.02% (4th percentile), reflecting minimal active exploitation risk.

Technical ContextAI

EDAC (Error Detection and Correction) is a Linux kernel subsystem for detecting and reporting hardware memory errors. The versalnet driver specifically targets AMD/Xilinx Versal SoC platforms. The vulnerable function mc_probe() calls of_parse_phandle() to resolve a device tree phandle reference into a device_node struct. Per Linux kernel convention, of_parse_phandle() returns a reference-counted pointer that callers must explicitly release via of_node_put() - analogous to a kref_put(). CWE-401 (Missing Release of Memory after Effective Lifetime) precisely describes this pattern: the r5_core_node pointer was never freed on any exit path, causing a cumulative kernel memory leak across probe invocations. The upstream fix adopts __free(device_node), a GCC/Clang scope-based cleanup attribute that automatically calls of_node_put() when the variable exits scope, eliminating the manual-release obligation. CPE cpe:2.3:o:linux:linux_kernel confirms broad kernel scope, bounded in practice to platforms loading this driver.

RemediationAI

Upgrade to a patched kernel version: Linux 6.18.27 for systems on the 6.18 stable branch, Linux 7.0.4 for systems on the 7.0 stable branch, or Linux 7.1-rc1 and later for development builds. Patch commits are available at kernel.org stable tree (see references). For systems that cannot be immediately upgraded, a practical compensating control is to prevent the EDAC/versalnet driver from loading by blacklisting the module (add 'blacklist versalnet' to /etc/modprobe.d/) - note this disables EDAC memory error reporting on Versal SoC hardware, which may be unacceptable in environments relying on ECC monitoring. Additionally, restricting local user access on affected embedded/SoC platforms reduces the low-privilege trigger surface. No workaround eliminates the underlying reference-count leak without patching.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46030 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy