Description
In the Linux kernel, the following vulnerability has been resolved:

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()

weighted_interleave_auto_store() fetches old_wi_state inside the if
(!input) block only. This causes two memory leaks:

1. When a user writes "false" and the current mode is already manual,
the function returns early without freeing the freshly allocated
new_wi_state.

2. When a user writes "true", old_wi_state stays NULL because the
fetch is skipped entirely. The old state is then overwritten by
rcu_assign_pointer() but never freed, since the cleanup path is
gated on old_wi_state being non-NULL. A user can trigger this
repeatedly by writing "1" in a loop.

Fix both leaks by moving the old_wi_state fetch before the input check,
making it unconditional. This also allows a unified early return for both
"true" and "false" when the requested mode matches the current mode.

Reviewed by: Donet Tom <donettom@linux.ibm.com>
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Linux kernel's memory policy subsystem, where the function weighted_interleave_auto_store() fails to release allocated memory in two distinct code paths. When a non-empty input is provided, the newly allocated state is discarded without deallocation, creating a leak. Additionally, an empty input bypasses the fetch of the old state, which then remains unreclaimed after an overwrite. A local user can repeatedly trigger this scenario by writing the literal "1" in a loop, causing cumulative memory consumption. The impact is limited to the kernel's memory subsystem, potentially resulting in denial of service if the leak grows unchecked. The weakness is a classic memory allocation bug (CWE‑772).

Affected Systems

Both Linux vendor products are affected, as the kernel source is identical across distributions. No specific kernel version range is listed in the advisory, so any kernel containing the stated code path could be vulnerable. Administrators should verify whether their kernel includes the older weighted_interleave_auto_store() implementation that contains the leak.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while no EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog, indicating no known active exploitation. The attack vector is local and requires write access to the memory policy interface, which is typically available to privileged users. While the exploit does not grant arbitrary code execution, repeated exploitation can lead to memory pressure and a kernel crash, representing a moderate risk for environments where the interface is exposed. The absence of known public exploits suggests low immediate threat, but the lack of a release note specifying fixation dates warrants timely kernel updates.

Generated by OpenCVE AI on May 28, 2026 at 02:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version in which the weighted_interleave_auto_store() function is fixed
  • If a kernel update is not yet available, consider disabling user writes to the memory policy interface by setting appropriate permissions or using system configuration to lock the memory policy (e.g., using "mempolicy" sysctl knobs)
  • Monitor kernel memory usage for abnormal growth and apply kernel patching or configuration changes promptly to mitigate potential denial of service

Generated by OpenCVE AI on May 28, 2026 at 02:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-772
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <donettom@linux.ibm.com>
Title mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:50:08.044Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:23.633

Modified: 2026-06-16T15:14:42.677

Link: CVE-2026-46042

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46042 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T02:30:04Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime