Description
In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()

weighted_interleave_auto_store() fetches old_wi_state inside the if
(!input) block only. This causes two memory leaks:

1. When a user writes "false" and the current mode is already manual,
the function returns early without freeing the freshly allocated
new_wi_state.

2. When a user writes "true", old_wi_state stays NULL because the
fetch is skipped entirely. The old state is then overwritten by
rcu_assign_pointer() but never freed, since the cleanup path is
gated on old_wi_state being non-NULL. A user can trigger this
repeatedly by writing "1" in a loop.

Fix both leaks by moving the old_wi_state fetch before the input check,
making it unconditional. This also allows a unified early return for both
"true" and "false" when the requested mode matches the current mode.

Reviewed by: Donet Tom <donettom@linux.ibm.com>
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel’s memory policy subsystem, the function weighted_interleave_auto_store() can leak memory on two separate code paths. When the user writes the string "false" while the current mode is already manual, the function exits early without freeing the freshly allocated new state. When the user writes "true", the old state is never fetched, it is overwritten instead, and the cleanup code never runs; this allows a loop of writes to repeatedly leak memory. The leak is confined to the kernel’s memory allocator and does not provide code execution, but sustained exploitation can grow the kernel’s memory usage and potentially trigger a crash or a denial‑of‑service condition.

Affected Systems

The flaw resides in a core kernel function that is identical across all major Linux distributions; the advisory does not specify a particular kernel version range, so any kernel version still containing the pre‑fix implementation of weighted_interleave_auto_store() is vulnerable. Administrators should verify the current kernel version and the presence of the unpatched code path, especially if using an older release or a custom kernel configuration.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is listed as <1%, meaning the likelihood of exploitation is very low but not zero. The vulnerability is not included in the CISA KEV catalog, suggesting no known active exploitation. Based on the description, the attack vector is local and requires write access to the memory‑policy interface, typically available only to privileged users. Although the exploit does not provide arbitrary code execution, repeatedly triggering the leak can drain kernel memory and lead to a crash, representing a moderate risk for systems where the interface is openly writable. Prompt patching is advisable to mitigate this potential denial‑of service risk.

Generated by OpenCVE AI on June 18, 2026 at 03:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that contains the weighted_interleave_auto_store() fix
  • If an update is unavailable, restrict or disable user write access to the memory‑policy interface, for example by adjusting file permissions or using a system configuration to lock the policy knobs
  • Continuously monitor kernel memory usage for abnormal growth and apply additional kernel safeguards or patches as soon as they become available

Generated by OpenCVE AI on June 18, 2026 at 03:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8488-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8489-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-8488-2 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-8507-1 Linux kernel (NVIDIA) vulnerabilities
History

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <donettom@linux.ibm.com>
Title mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:50:08.044Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:23.633

Modified: 2026-06-17T10:52:57.130

Link: CVE-2026-46042

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46042 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T04:00:15Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime