Is there a patch available for CVE-2026-46042?

Yes, a patch is available for CVE-2026-46042. Update the affected software to the latest version immediately.

Linux CVE-2026-46042

EUVD-2026-32424

2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67

GHSA-pmw2-6gh9-j59g

Information Disclosure Linux IBM

Lifecycle Timeline

Patch available

May 27, 2026 - 19:46 EUVD

CVE Published

May 27, 2026 - 14:17 nvd

UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()

weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks:

When a user writes "false" and the current mode is already manual,

the function returns early without freeing the freshly allocated new_wi_state.

When a user writes "true", old_wi_state stays NULL because the

fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop.

Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode.

Reviewed by: Donet Tom <donettom@linux.ibm.com>

Analysis

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-7524 CRITICAL Act Now

9.8 May 27

Remote code execution in IBM Langflow OSS versions 1.0.0 through 1.9.1 lets unauthenticated network attackers run arbitr

CVE-2026-8175 CRITICAL Act Now

9.8 May 27

Remote code execution and authentication bypass are possible in IBM Aspera High-Speed Transfer Server and High-Speed Tra

CVE-2026-7876 CRITICAL Act Now

9.1 May 27

Authentication bypass in IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I) versions 1.5.1 throu

CVE-2026-5065 HIGH This Week

8.8 May 27

Hard-coded credentials in IBM Controller (versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2) give attackers a static, embedded

CVE-2026-8179 HIGH This Week

8.8 May 27

Arbitrary code execution in IBM Aspera High-Speed Transfer Server and Endpoint (versions 3.7.4 through 4.4.7 Fix Pack 1)

CVE-2026-46042 vulnerability details – vuln.today

Back

Linux CVE-2026-46042

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code