CVE-2026-46060
Analyzed Analyzed - Analysis Complete
IRQ Cleanup Failure in Linux Kernel Crypto QAT

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adf_dev_up() partially completes and then fails, the IRQ handlers registered during adf_isr_resource_alloc() are not detached before the MSI-X vectors are released. Since the device is enabled with pcim_enable_device(), calling pci_alloc_irq_vectors() internally registers pcim_msi_release() as a devres action. On probe failure, devres runs pcim_msi_release() which calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ handlers (for example 'qat0-bundle0') are still attached. This causes remove_proc_entry() warnings: [ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0' Moving the devm_add_action_or_reset() before adf_dev_up() does not solve the problem since devres runs in LIFO order and pcim_msi_release(), registered later inside adf_dev_up(), would still fire before adf_device_down(). Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to properly free IRQ handlers before devres releases the MSI-X vectors.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46060
EUVD
EUVD-2026-32442
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 6.16 (inc) to 6.18.27 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's crypto qat driver during the device probe process. When the function adf_dev_up() partially completes but then fails, the IRQ handlers registered earlier are not properly detached before the MSI-X interrupt vectors are released. This improper cleanup leads to warnings about removing non-empty directories and potential resource leaks.

The root cause is that the cleanup actions registered by devres run in last-in-first-out order, causing the MSI-X vectors to be freed before the IRQ handlers are detached. The fix involves explicitly calling adf_dev_down() when adf_dev_up() fails to ensure IRQ handlers are freed before releasing MSI-X vectors.

Impact Analysis

This vulnerability can lead to improper cleanup of interrupt handlers and MSI-X vectors during device initialization failures. This may cause kernel warnings and resource leaks, potentially affecting system stability or causing unexpected behavior in the crypto qat device driver.

Detection Guidance

This vulnerability manifests as warnings related to IRQ handler cleanup failures during device probe failures in the Linux kernel's crypto qat driver.

Specifically, you may observe kernel log messages similar to the following:

  • [ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0'

To detect this on your system, you can check the kernel logs for such warnings using commands like:

  • dmesg | grep 'remove_proc_entry'
  • journalctl -k | grep 'remove_proc_entry'

Additionally, monitoring for the presence of qat devices and their IRQ handlers can help identify if the vulnerable driver is in use.

Mitigation Strategies

The vulnerability is fixed by ensuring that the adf_dev_down() function is explicitly called when adf_dev_up() fails, properly freeing IRQ handlers before MSI-X vectors are released.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • If updating is not immediately possible, consider unloading the affected qat driver modules to prevent the issue from occurring.
  • Monitor kernel logs for the described warnings to detect if the issue is occurring.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46060. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart