CVE-2026-46042
Analyzed Analyzed - Analysis Complete
Memory Leak in Linux Kernel mm/mempolicy

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <[email protected]>
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46042
EUVD
EUVD-2026-32424
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 6.16 (inc) to 6.18.27 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak issue in the Linux kernel's memory policy management, specifically in the function weighted_interleave_auto_store().

The function incorrectly handles memory allocation and freeing in two cases: when a user writes "false" while the current mode is already manual, and when a user writes "true" repeatedly. In both cases, allocated memory is not properly freed, causing memory leaks.

The root cause is that the old_wi_state variable is only fetched conditionally, which leads to improper cleanup of allocated memory. The fix involves fetching old_wi_state unconditionally before checking the input, ensuring proper memory management.

Impact Analysis

This vulnerability can lead to memory leaks in the Linux kernel, which over time may cause increased memory usage and potentially degrade system performance or stability.

If exploited by repeatedly writing certain values, it could exhaust system memory resources, possibly leading to system slowdowns or crashes.

Mitigation Strategies

The vulnerability is fixed by updating the Linux kernel to a version where the memory leaks in weighted_interleave_auto_store() have been resolved.

Specifically, ensure your system is running the patched kernel version released on or after 2026-05-27 that includes the fix moving the old_wi_state fetch before the input check.

Until the patch is applied, avoid repeatedly writing "1" or toggling the weighted interleave mode in a loop, as this can trigger the memory leaks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46042. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart