CVE-2026-46182
Analyzed Analyzed - Analysis Complete
Kernel Memory Leak in Linux Kernel pseries/papr-hvpipe

Publication date: 2026-05-28

Last updated on: 2026-06-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized explicitly. Because the struct papr_hvpipe_hdr contains reserved padding bytes (reserved[3] and reserved2[40]), these could leak the uninitialized bytes to userspace after copy_to_user(). This patch fixes that by initializing the whole struct to 0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-11
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46182
EUVD
EUVD-2026-32809
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.18 (inc) to 6.18.30 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is fixed by a patch that initializes the entire papr_hvpipe_hdr struct to zero, preventing kernel stack memory leaks to userspace.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this patch.

Impact Analysis

This vulnerability can lead to a kernel stack memory leak to userspace. As a result, sensitive or confidential information residing in the kernel stack memory could be exposed to unprivileged userspace processes. This could potentially allow attackers to gain insights into kernel memory contents, which might aid in further exploitation or information disclosure attacks.

Executive Summary

This vulnerability exists in the Linux kernel, specifically in the pseries/papr-hvpipe component. The issue arises because a structure named papr_hvpipe_hdr is allocated on the kernel stack, but only some of its fields (version and flags) are explicitly initialized. The structure contains reserved padding bytes that remain uninitialized. When this structure is copied to userspace using the copy_to_user() function, these uninitialized bytes can leak kernel stack memory contents to userspace.

The vulnerability was fixed by modifying the code to initialize the entire structure to zero, preventing any uninitialized data from leaking.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46182. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart