CVE Catalog

CVE-2026-46042

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to memory leaks in the weighted_interleave_auto_store() function. These issues occur when a user inputs 'true' or 'false', leading to memory not being freed.

Risk Assessment

Memory leaks can lead to increased resource consumption, which may affect the stability and performance of the system over time.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and prevent memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <[email protected]>

Vulnerability data from NVD (NIST) · CISA KEV · EPSS