CVE-2026-46044 - Vulnerability Details

- ipmi:ssif: Clean up kthread on errors

Description

In the Linux kernel, the following vulnerability has been resolved:

ipmi:ssif: Clean up kthread on errors

If an error occurs after the ssif kthread is created, but before the
main IPMI code starts the ssif interface, the ssif kthread will not
be stopped.

So make sure the kthread is stopped on an error condition if it is
running.

Published: 2026-05-27

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel bug in the IPMI over SSIF subsystem causes an orphaned kernel thread to persist after an error occurs between thread creation and interface initialization. The stray thread continues to run, consuming CPU resources and memory until the error condition is fully handled, potentially leading to system slow-down or memory exhaustion. This problem is a resource leak, a CWE-772 weakness, arising from failing to clean up the kernel thread when an error is detected. The primary impact is local resource exhaustion, not remote code execution.

Affected Systems

All Linux kernel installations that include the older IPMI SSIF implementation are affected. The affected vendor is GNU/Linux and the product is the Linux kernel. No explicit version numbers are listed in the advisory, but any kernel built from source prior to the merge of the fix is vulnerable.

Risk and Exploitability

The vulnerability does not provide a direct remote attack path; instead, it is triggered by an internal kernel error that can arise from interactions with firmware or other drivers. The EPSS score is not available, which indicates a low exploitation probability. The issue is not listed in the CISA KEV catalog. The likely attack vector is a local kernel error caused by malformed firmware or misconfigured drivers that trigger the SSIF thread before cleanup, which would require privileged local access or kernel compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`259307074bfcf1ff88016e12c68f057aee6cb694`	affected	< 549607af66a0efdb41307ba6343eed31de8b133e
`259307074bfcf1ff88016e12c68f057aee6cb694`	affected	< f2d0a3ede5ebf404d4c334a1f04ef439e0086857
`259307074bfcf1ff88016e12c68f057aee6cb694`	affected	< 858bc8b9edb6eaf0522900128bb9053e2df6b0f6
`259307074bfcf1ff88016e12c68f057aee6cb694`	affected	< 800febc637d1c1974b1e899dea8a07e115d60766
`259307074bfcf1ff88016e12c68f057aee6cb694`	affected	< 75c486cb1bcaa1a3ec3a6438498176a3a4998ae4

Linux

affected

Version	Status	Constraints
`3.19`	affected	—
`0`	unaffected	< 3.19
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[259307074bfcf1ff88016e12c68f057aee6cb694,858bc8b9edb6eaf0522900128bb9053e2df6b0f6)`	affected	code_commit	—
`[259307074bfcf1ff88016e12c68f057aee6cb694,800febc637d1c1974b1e899dea8a07e115d60766)`	affected	code_commit	—
`[259307074bfcf1ff88016e12c68f057aee6cb694,75c486cb1bcaa1a3ec3a6438498176a3a4998ae4)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`3.19`	affected	generic	—
`[0,3.19)`	unaffected	generic	—
`[6.18.27,6.19.0)`	unaffected	semver	—
`[7.0.4,7.1.0)`	unaffected	semver	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install a Linux kernel version that incorporates the SSIF thread cleanup fix.
If an immediate update is not possible, prevent the problematic thread from starting by disabling or blacklisting the ipmi_ssif kernel module.
Monitor kernel logs (e.g., dmesg) and system performance metrics for signs of high CPU usage attributable to orphaned SSIF threads.

Generated by OpenCVE AI on May 28, 2026 at 05:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/549607af66a0efdb41307ba6343eed31de8b133e
https://git.kernel.org/stable/c/75c486cb1bcaa1a3ec3a6438498176a3a4998ae4
https://git.kernel.org/stable/c/800febc637d1c1974b1e899dea8a07e115d60766
https://git.kernel.org/stable/c/858bc8b9edb6eaf0522900128bb9053e2df6b0f6
https://git.kernel.org/stable/c/f2d0a3ede5ebf404d4c334a1f04ef439e0086857
https://lore.kernel.org/linux-cve-announce/2026052752-CVE-2026-46044-6965@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46044
https://www.cve.org/CVERecord?id=CVE-2026-46044

History

Tue, 16 Jun 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/549607af66a0efdb41307ba6343eed31de8b133e https://git.kernel.org/stable/c/f2d0a3ede5ebf404d4c334a1f04ef439e0086857

Thu, 28 May 2026 03:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400 CWE-458

Thu, 28 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026052752-CVE-2026-46044-6965@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46044 https://www.cve.org/CVERecord?id=CVE-2026-46044

Wed, 27 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400 CWE-458

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif kthread will not be stopped. So make sure the kthread is stopped on an error condition if it is running.
Title		ipmi:ssif: Clean up kthread on errors
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/75c486cb1bcaa1a3ec3a6438498176a3a4998ae4 https://git.kernel.org/stable/c/800febc637d1c1974b1e899dea8a07e115d60766 https://git.kernel.org/stable/c/858bc8b9edb6eaf0522900128bb9053e2df6b0f6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:56:59.663Z

Updated: 2026-06-14T17:50:15.849Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46044

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-27T14:17:23.853

Modified: 2026-06-16T15:04:45.547

Link: CVE-2026-46044

Redhat

Severity :

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46044 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T06:00:10Z

Weaknesses

CWE-772
Missing Release of Resource after Effective Lifetime
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object