CVE-2026-46221
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a memory leak of the device name. The device name allocated via kzalloc() in init_one_mc() is not freed on the normal removal path, leading to a memory leak.
Risk Assessment
Organizations may experience performance issues due to uncontrolled memory consumption, potentially leading to system crashes or slowdowns.
Recommendation
It is recommended to update the Linux kernel to a version where this vulnerability has been fixed to avoid memory leaks.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_name but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory. Use a stack-local char array instead of using kzalloc() for name.

