Skip to main content

Linux Kernel CVE-2026-46221

| EUVDEUVD-2026-32848 MEDIUM
Memory Leak (CWE-401)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-qcqg-8c98-934h
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 19:06 vuln.today
CVSS changed
Jun 10, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device name memory leak

The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_name but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory.

Use a stack-local char array instead of using kzalloc() for name.

AnalysisAI

Memory leak in the Linux kernel's EDAC/versalnet driver allows a local low-privileged user to gradually exhaust kernel heap memory, rated CVSS 5.5 with high availability impact. The flaw exists in init_one_mc() where a kzalloc()-allocated device name string becomes permanently unreachable after device_register() copies and nullifies the pointer, preventing any subsequent free on device removal. No public exploit identified at time of analysis; EPSS at 0.02% (4th percentile) confirms this is a low-exploitation-probability defect rather than an actively targeted vulnerability.

Technical ContextAI

The EDAC (Error Detection and Correction) subsystem in the Linux kernel provides infrastructure for monitoring and reporting hardware memory errors. The versalnet EDAC driver targets AMD/Xilinx Versal SoC platforms. In init_one_mc(), a buffer is allocated via kzalloc() to hold the formatted device name, then assigned to dev->init_name before calling device_register(). A subtle kernel device model behavior is that device_register() internally copies init_name (via kobject_set_name) and subsequently sets dev->init_name to NULL - this is by design to transfer name ownership into the kobject layer. Consequently, the original kzalloc'd pointer is orphaned with no reference remaining in any reachable structure, constituting a classic CWE-401 (Missing Release of Memory after Effective Lifetime) defect. The fix replaces the heap allocation with a stack-local char array, which is automatically reclaimed at function return. CPE data confirms affected products span cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* through the 7.1-rc2 release.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel version: 6.18.32 or later for the 6.18 stable series, 7.0.9 or later for the 7.0 stable series, or 7.1-rc3 or later for the mainline release candidate series. Fix commits are available directly at https://git.kernel.org/stable/c/24d2912962d087ebff7c4984f8ac34a5f23c8dbf (6.18 branch), https://git.kernel.org/stable/c/8cf5dd235eff6008cb04c3d8064d2acfa90616f1 (7.0 branch), and https://git.kernel.org/stable/c/b16033c8774f5fb4c0cb9b445a1dfc68f499ae6a (mainline). Distribution maintainers should backport these commits if shipping affected kernel versions on Versal SoC hardware. As a compensating control where patching is not immediately possible, avoiding frequent load/unload cycles of the edac_versalnet kernel module reduces the rate of memory accumulation, though this does not eliminate the underlying defect. Blacklisting the module (modprobe -b edac_versalnet) is a trade-off that prevents EDAC memory error reporting on Versal platforms but also stops the leak entirely.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46221 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy