CVE-2026-46030
Awaiting Analysis Awaiting Analysis - Queue
Memory Leak in Linux Kernel EDAC VersalNet Driver

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device_node leak in mc_probe() of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never freed r5_core_node on any exit path, causing a memory leak. Fix this by using the automatic cleanup attribute __free(device_node) which ensures of_node_put() is called when the variable goes out of scope.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46030
EUVD
EUVD-2026-32411
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 6.18 (inc) to 6.18.27 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a memory leak in the Linux kernel related to the EDAC/versalnet component. Specifically, the function of_parse_phandle() returns a device_node reference that must be released using of_node_put(). However, the original code failed to free the r5_core_node reference on any exit path, causing a memory leak. The fix involves using an automatic cleanup attribute (__free(device_node)) to ensure that of_node_put() is called when the variable goes out of scope.

Impact Analysis

This memory leak vulnerability can cause the Linux kernel to consume more memory over time due to unreleased device_node references. This can lead to reduced system performance, potential instability, or crashes if the leak is significant and persistent.

Mitigation Strategies

To mitigate this vulnerability, update your Linux kernel to a version that includes the fix for the device_node leak in mc_probe(). The fix involves proper release of device_node references using the automatic cleanup attribute __free(device_node), ensuring no memory leak occurs.

Since this is a kernel-level fix, applying the latest kernel patches or upgrading to a fixed kernel version is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46030. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart