CVE-2026-46196

MEDIUM EPSS 2.8%
Published May 28, 20261mo ago · Modified Jun 19, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 28, 2026 1mo ago
Last Modified Jun 19, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() When a tracepoint goes through the 0 -> 1 transition, tracepoint_add_func() invokes the subsystem's ext->regfunc() before attempting to install the new probe via func_add(). If func_add() then fails (for example, when allocate_probes() cannot allocate a new probe array under memory pressure and returns -ENOMEM), the function returns the error without calling the matching ext->unregfunc(), leaving the side effects of regfunc() behind with no installed probe to justify them. For syscall tracepoints this is particularly unpleasant: syscall_regfunc() bumps sys_tracepoint_refcount and sets SYSCALL_TRACEPOINT on every task. After a leaked failure, the refcount is stuck at a non-zero value with no consumer, and every task continues paying the syscall trace entry/exit overhead until reboot. Other subsystems providing regfunc()/unregfunc() pairs exhibit similarly scoped persistent state. Mirror the existing 1 -> 0 cleanup and call ext->unregfunc() in the func_add() error path, gated on the same condition used there so the unwind is symmetric with the registration.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥4.10  –  <6.6.140
linuxlinux_kernel*≥6.7  –  <6.12.88
linuxlinux_kernel*≥6.13  –  <6.18.30
linuxlinux_kernel*≥6.19  –  <7.0.7

References 8

  • git.kernel.org https://git.kernel.org/stable/c/247ed8a969f981bfba3112fd4bb441eaa6cef59c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2c5b8eeea006eb694c81631cd5713d494b80be90
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/342829e042ac00f3d68d442ea92873fb6683f494
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36ff362235307af95152d510b53c2d9b8773a342
  • git.kernel.org https://git.kernel.org/stable/c/4f1756d043e56ea2e9a6c858fb290a0cf6fc2251
  • git.kernel.org https://git.kernel.org/stable/c/5787052e5f69beb649f3d6a80a8aa37d9e683e4e
  • git.kernel.org https://git.kernel.org/stable/c/7bcadb3c2bc1cf60690e931aadd35fb7bd646a49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fad217e16fded7f3c09f8637b0f6a224d58b5f2e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/247ed8a969f981bfba3112fd4bb441eaa6cef59c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2c5b8eeea006eb694c81631cd5713d494b80be90
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/342829e042ac00f3d68d442ea92873fb6683f494
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bcadb3c2bc1cf60690e931aadd35fb7bd646a49
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fad217e16fded7f3c09f8637b0f6a224d58b5f2e
    Patch