CVE-2026-46141
Received - Intake
Memory Leak in Linux Kernel XIVE Subsystem

Publication date: 2026-05-28

Last updated on: 2026-05-28

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

powerpc/xive: fix kmemleak caused by incorrect chip_data lookup

The kmemleak reports the following memory leak:

  Unreferenced object 0xc0000002a7fbc640 (size 64):
    comm "kworker/8:1", pid 540, jiffies 4294937872
    hex dump (first 32 bytes):
      01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00  ................
      00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00  ................
    backtrace (crc 177d48f6):
      __kmalloc_cache_noprof+0x520/0x730
      xive_irq_alloc_data.constprop.0+0x40/0xe0
      xive_irq_domain_alloc+0xd0/0x1b0
      irq_domain_alloc_irqs_parent+0x44/0x6c
      pseries_irq_domain_alloc+0x1cc/0x354
      irq_domain_alloc_irqs_parent+0x44/0x6c
      msi_domain_alloc+0xb0/0x220
      irq_domain_alloc_irqs_locked+0x138/0x4d0
      __irq_domain_alloc_irqs+0x8c/0xfc
      __msi_domain_alloc_irqs+0x214/0x4d8
      msi_domain_alloc_irqs_all_locked+0x70/0xf8
      pci_msi_setup_msi_irqs+0x60/0x78
      __pci_enable_msix_range+0x54c/0x98c
      pci_alloc_irq_vectors_affinity+0x16c/0x1d4
      nvme_pci_enable+0xac/0x9c0 [nvme]
      nvme_probe+0x340/0x764 [nvme]

This occurs when allocating MSI-X vectors for an NVMe device. During allocation the XIVE code creates a struct xive_irq_data and stores it in irq_data->chip_data. When the MSI-X irqdomain is later freed, xive_irq_free_data() is responsible for retrieving this structure and freeing it.

However, after commit cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers"), xive_irq_free_data() retrieves the chip_data using irq_get_chip_data(), which looks up the data through the child domain. This is incorrect because the XIVE-specific irq data is associated with the XIVE (parent) domain. As a result the lookup fails and the allocated struct xive_irq_data is never freed, leading to the kmemleak report shown above.

Fix this by retrieving the irq_data from the correct domain using irq_domain_get_irq_data() and then accessing the chip_data via irq_data_get_irq_chip_data().

Meta Information
Published: 2026-05-28
Last Modified: 2026-05-28
Generated: 2026-05-28
AI Q&A: 2026-05-28
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE

Vendor    Product         Version / Range
linux     linux_kernel    *

CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's powerpc/xive interrupt handling code. It involves a memory leak caused by incorrect lookup of interrupt chip data during the freeing of MSI-X interrupt vectors for NVMe devices.

Specifically, when MSI-X vectors are allocated, a structure called xive_irq_data is created and stored in irq_data->chip_data. Later, when these interrupt vectors are freed, the code attempts to retrieve this structure to free it. However, due to a code change, the retrieval looks up the data through the child interrupt domain instead of the parent XIVE domain where the data actually resides.

Because of this incorrect lookup, the xive_irq_data structure is never freed, causing a memory leak that is reported by the kernel's kmemleak tool.
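
The lookup difference described above, as a simplified userspace model added here for illustration; it is not kernel source and not part of the original advisory. The struct layout, the helper names (domain_get_irq_data, free_buggy, free_fixed, leaked_after) and the empty chip_data on the child level are assumptions of the model.

```c
/* Simplified userspace model of hierarchical IRQ domains; not kernel source. */
#include <stdio.h>
#include <stdlib.h>

struct irq_domain { const char *name; };
struct irq_data {
    struct irq_domain *domain;
    void *chip_data;                /* per-domain private data */
    struct irq_data *parent_data;   /* next level up the hierarchy */
};
static struct irq_domain xive_domain = { "XIVE" }, msi_domain = { "MSI-X" }; /* parent, child */
static int live_allocs;   /* outstanding XIVE objects in the model */
/* Models irq_domain_get_irq_data(): walk up until the domain matches. */
static struct irq_data *domain_get_irq_data(struct irq_domain *d, struct irq_data *top)
{
    for (struct irq_data *p = top; p; p = p->parent_data)
        if (p->domain == d) return p;
    return NULL;
}
/* Before the fix: chip_data is read from the outermost (child) level. */
void free_buggy(struct irq_data *top)
{
    void *xd = top->chip_data;   /* assumption: child level holds no XIVE data */
    if (!xd) return;             /* lookup fails, object stays allocated */
    free(xd);
    live_allocs--;
}
/* After the fix: find the XIVE level first, then take its chip_data. */
void free_fixed(struct irq_data *top)
{
    struct irq_data *d = domain_get_irq_data(&xive_domain, top);
    if (!d || !d->chip_data) return;
    free(d->chip_data);
    d->chip_data = NULL;
    live_allocs--;
}
/* Allocate one vector's XIVE data, free via free_fn, return objects still live. */
int leaked_after(void (*free_fn)(struct irq_data *))
{
    struct irq_data xive_level = { &xive_domain, malloc(64), NULL };
    struct irq_data msi_level = { &msi_domain, NULL, &xive_level };
    live_allocs = 1;
    free_fn(&msi_level);
    free(xive_level.chip_data);   /* model cleanup; no-op after free_fixed */
    return live_allocs;
}
int main(void)
{
    return printf("leaked: buggy=%d fixed=%d\n", leaked_after(free_buggy), leaked_after(free_fixed)) < 0;
}
```

The 64-byte allocation mirrors the object size in the kmemleak report; each leaked_after() call stands for one MSI-X vector being allocated and freed.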


How can this vulnerability impact me?

This vulnerability leads to a memory leak in the Linux kernel when handling MSI-X interrupts for NVMe devices on powerpc/xive systems.

Over time, the unreleased memory allocations could accumulate, potentially degrading system performance or stability due to increased memory usage.

However, the vulnerability does not appear to allow direct code execution, privilege escalation, or data corruption.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a memory leak detected by kmemleak in the Linux kernel, specifically related to the powerpc/xive subsystem during MSI-X vector allocation for NVMe devices.

To detect this issue on your system, you can monitor kmemleak reports for unreferenced objects related to irq_data and xive_irq_data structures.

A typical kmemleak report might show unreferenced objects with backtraces involving functions like __kmalloc_cache_noprof, xive_irq_alloc_data, and nvme_pci_enable.

  • Enable kmemleak in your kernel configuration (CONFIG_DEBUG_KMEMLEAK) if not already enabled.
  • Check kmemleak reports by reading from /sys/kernel/debug/kmemleak:
      cat /sys/kernel/debug/kmemleak
  • Use grep or similar tools to filter for 'xive' or 'nvme' related leaks.
  • Monitor kernel logs (dmesg) for any related warnings or errors during NVMe device initialization or MSI-X vector allocation.

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is caused by incorrect lookup and freeing of irq chip data in the powerpc/xive subsystem, leading to memory leaks.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this issue, which corrects the irq_data retrieval to use irq_domain_get_irq_data() and irq_data_get_irq_chip_data().
  • If updating the kernel is not immediately possible, monitor kmemleak reports to identify memory leaks and consider rebooting the system periodically to clear leaked memory.
  • Avoid workloads or configurations that heavily allocate and free MSI-X vectors on NVMe devices on affected powerpc/xive systems until patched.
