Description
In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()

weighted_interleave_auto_store() fetches old_wi_state inside the if
(!input) block only. This causes two memory leaks:

1. When a user writes "false" and the current mode is already manual,
the function returns early without freeing the freshly allocated
new_wi_state.

2. When a user writes "true", old_wi_state stays NULL because the
fetch is skipped entirely. The old state is then overwritten by
rcu_assign_pointer() but never freed, since the cleanup path is
gated on old_wi_state being non-NULL. A user can trigger this
repeatedly by writing "1" in a loop.

Fix both leaks by moving the old_wi_state fetch before the input check,
making it unconditional. This also allows a unified early return for both
"true" and "false" when the requested mode matches the current mode.

Reviewed by: Donet Tom <donettom@linux.ibm.com>
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel's memory policy subsystem, where the function weighted_interleave_auto_store() fails to release allocated memory in two distinct code paths. When a non-empty input is provided, the newly allocated state is discarded without deallocation, creating a leak. Additionally, an empty input bypasses the fetch of the old state, which then remains unreclaimed after an overwrite. A local user can repeatedly trigger this scenario by writing the literal "1" in a loop, causing cumulative memory consumption. The impact is limited to the kernel's memory subsystem, potentially resulting in denial of service if the leak grows unchecked. The weakness is a classic memory allocation bug (CWE‑401).

Affected Systems

Both Linux vendor products are affected, as the kernel source is identical across distributions. No specific kernel version range is listed in the advisory, so any kernel containing the stated code path could be vulnerable. Administrators should verify whether their kernel includes the older weighted_interleave_auto_store() implementation that contains the leak.

Risk and Exploitability

No CVSS score or EPSS value is provided, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. The attack vector is local and requires write access to the memory policy interface, which is typically available to privileged users. While the exploit does not grant arbitrary code execution, repeated exploitation can lead to memory pressure and a kernel crash, representing a moderate risk for environments where the interface is exposed. The absence of known public exploits suggests low immediate threat, but the lack of a release note specifying fixation dates warrants timely kernel updates.

Generated by OpenCVE AI on May 27, 2026 at 18:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version in which the weighted_interleave_auto_store() function is fixed
  • If a kernel update is not yet available, consider disabling user writes to the memory policy interface by setting appropriate permissions or using system configuration to lock the memory policy (e.g., using "mempolicy" sysctl knobs)
  • Monitor kernel memory usage for abnormal growth and apply kernel patching or configuration changes promptly to mitigate potential denial of service

Generated by OpenCVE AI on May 27, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <donettom@linux.ibm.com>
Title mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:56:56.830Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:23.633

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46042

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T18:30:26Z

Weaknesses

No weakness.