Description
In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device_node leak in mc_probe()

of_parse_phandle() returns a device_node reference that must be released with
of_node_put(). The original code never freed r5_core_node on any exit path,
causing a memory leak.

Fix this by using the automatic cleanup attribute __free(device_node) which
ensures of_node_put() is called when the variable goes out of scope.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, a device_node reference returned by of_parse_phandle() is never freed in the EDAC/versalnet driver. The reference r5_core_node remains allocated on all exit paths, creating a memory leak. Over time, repeated invocations could accumulate unused memory, degrading system performance and potentially exhausting available memory, which may affect stability and availability.

Affected Systems

The vulnerability affects the Linux kernel, specifically the VersalNet EDAC driver that handles hardware error detection on Versal Net devices. Any system running a kernel build that contains this driver and does not include the patch will be susceptible.

Risk and Exploitability

There is no reported CVSS score, EPSS score, or KEV listing for this issue, indicating that the public exploitation data is currently lacking. The risk is primarily tied to internal usage: a long‑running device that loads and unloads this driver repeatedly could accumulate memory usage, but there is no known external attack vector or privilege escalation from the leak. Consequently, the exploitation likelihood is considered low and the impact is moderate, limited to resource exhaustion.

Generated by OpenCVE AI on May 27, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the mc_probe() memory leak fix
  • If a kernel update is not immediately available, apply the patch from the provided kernel commits (17e1369, 5c709b3, b6e6135) and rebuild the kernel
  • If the patch cannot be applied, disable the EDAC/versalnet driver or limit its use to prevent prolonged memory accumulation

Generated by OpenCVE AI on May 27, 2026 at 20:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device_node leak in mc_probe() of_parse_phandle() returns a device_node reference that must be released with of_node_put(). The original code never freed r5_core_node on any exit path, causing a memory leak. Fix this by using the automatic cleanup attribute __free(device_node) which ensures of_node_put() is called when the variable goes out of scope.
Title EDAC/versalnet: Fix device_node leak in mc_probe()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:56:39.170Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46030

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:21.913

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46030

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T20:30:40Z

Weaknesses