Skip to main content

Linux Kernel CVE-2026-46044

| EUVDEUVD-2026-32426 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-9g3m-jq99-wvqp
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

AC:H because triggering the defect requires a hardware-dependent error condition during driver init, not a directly controllable attacker input; C and I are N per description.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 15:08 vuln.today
CVSS changed
Jun 16, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

ipmi:ssif: Clean up kthread on errors

If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped.

So make sure the kthread is stopped on an error condition if it is running.

AnalysisAI

Resource leak in the Linux kernel IPMI SSIF driver leaves an orphaned kernel thread running when driver initialization fails mid-sequence. Systems with SSIF-capable IPMI hardware (BMC connected via SMBus/I2C) running unpatched kernels are affected across multiple stable branches. If initialization errors occur after the ssif kthread is spawned but before the IPMI core starts the interface, the thread is never stopped, degrading system availability over time. No public exploit exists and EPSS is 0.02% (4th percentile), making this a routine patch-cycle item rather than an emergency; fixes are confirmed in stable kernel releases 6.18.27 and 7.0.4.

Technical ContextAI

The affected component is the Linux kernel IPMI SSIF driver (drivers/char/ipmi/ipmi_ssif.c). IPMI (Intelligent Platform Management Interface) over SSIF (SMBus System Interface) is a server management transport that allows the host OS to communicate with the BMC (Baseboard Management Controller) via the I2C/SMBus bus. During driver initialization, the driver spawns a kernel thread to handle SSIF protocol traffic before the IPMI core layer calls the interface-start routine. The defect is in the error-handling path: if any initialization step fails after kthread creation but before the IPMI core invokes kthread_stop(), the thread remains alive with no owner to clean it up. This is functionally equivalent to CWE-404 (Improper Resource Shutdown or Release), though no CWE is formally assigned by NVD. CPE data (cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*) confirms broad Linux kernel applicability, bounded by specific commit ranges per EUVD data. Only hardware environments where the ipmi_ssif module loads and probes real SSIF-capable BMC hardware are exposed.

RemediationAI

Apply the confirmed stable-tree fix commits from kernel.org: https://git.kernel.org/stable/c/75c486cb1bcaa1a3ec3a6438498176a3a4998ae4, https://git.kernel.org/stable/c/800febc637d1c1974b1e899dea8a07e115d60766, https://git.kernel.org/stable/c/858bc8b9edb6eaf0522900128bb9053e2df6b0f6, https://git.kernel.org/stable/c/549607af66a0efdb41307ba6343eed31de8b133e, and https://git.kernel.org/stable/c/f2d0a3ede5ebf404d4c334a1f04ef439e0086857. Distribution kernels shipping Linux 6.18.27 or 7.0.4 include the fix; upgrade to these or later releases via your distribution's standard update mechanism. If immediate patching is operationally blocked and the system is exposed to untrusted local users, blacklisting the ipmi_ssif module via 'echo blacklist ipmi_ssif >> /etc/modprobe.d/ipmi-blacklist.conf && update-initramfs -u' eliminates exposure entirely - however, this disables SSIF-based out-of-band management (sensor polling, chassis control via BMC), which may impact server monitoring pipelines and should be evaluated against operational requirements before applying.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy