CVE-2026-46042

MEDIUM EPSS 2.7%
Published May 27, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <donettom@linux.ibm.com>

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.16  –  <6.18.27
linuxlinux_kernel*≥6.19  –  <7.0.4

References 3

  • git.kernel.org https://git.kernel.org/stable/c/39caa9ca863f96b3d00447c5aa200cabda489856
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6fae274ce0e3109cbbc4c18b354eaace1f0af7d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c42a7efb9060d89b72708ffaf255d0002c2164a7
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/39caa9ca863f96b3d00447c5aa200cabda489856
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6fae274ce0e3109cbbc4c18b354eaace1f0af7d7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c42a7efb9060d89b72708ffaf255d0002c2164a7
    Patch