Skip to main content

Linux Kernel CVE-2026-46171

| EUVDEUVD-2026-32798 MEDIUM
Memory Leak (CWE-401)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-wxj9-x4vw-8w2j
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local KVM subsystem access requires low OS privileges (PR:L, AV:L); only availability impact via memory exhaustion - no confidentiality or integrity consequence.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 11, 2026 - 12:23 vuln.today
CVSS changed
Jun 11, 2026 - 12:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

riscv: kvm: fix vector context allocation leak

When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning.

AnalysisAI

Memory leak in the Linux kernel's RISC-V KVM vector context allocation allows a local low-privileged attacker to exhaust kernel memory, causing denial of service on RISC-V hypervisor hosts. The flaw exists in kvm_riscv_vcpu_alloc_vector_context() where a failed second kzalloc call (host_context.vector.datap) returns an error without freeing the first allocation (guest_context.vector.datap), accumulating unreleased kernel memory across repeated vCPU creation attempts. No public exploit exists and no active exploitation is confirmed; EPSS at 0.02% (4th percentile) reflects the narrow RISC-V KVM deployment surface.

Technical ContextAI

The vulnerability resides in the RISC-V KVM subsystem of the Linux kernel (arch/riscv/kvm/), introduced when RISC-V vector extension support was added to KVM guests at commit 0f4b82579716. CWE-401 (Missing Release of Memory after Effective Lifetime) precisely describes the root cause: an error path exits the function after the first kzalloc succeeds but before the second does, without invoking kfree on the already-allocated guest_context.vector.datap buffer. The RISC-V V (vector) extension requires separate vector register state buffers for both the guest and host CPU contexts during virtualization, hence two allocations. CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* confirms this affects the upstream Linux kernel across the vulnerable version range. The 'Information Disclosure' tag in the source data conflicts with the CVSS C:N metric and the description, which describes only a memory leak; that tag appears to be a mis-classification.

RemediationAI

Update the Linux kernel to version 6.18.30, 7.0.7, or 7.1-rc1, which include the upstream fix commits b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978, 1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98, and bd62c0f61bc722a097417401030c596cea8e21aa, available at https://git.kernel.org/stable/c/1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98, https://git.kernel.org/stable/c/b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978, and https://git.kernel.org/stable/c/bd62c0f61bc722a097417401030c596cea8e21ab. As a compensating control where immediate patching is not feasible, disabling RISC-V vector extension support for KVM guests (e.g., by restricting ISA extensions passed to guests) prevents the vulnerable allocation path from being exercised; the trade-off is reduced guest performance for vector-intensive workloads. Systems not operating as RISC-V KVM hypervisors require no action.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy