Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: qat - fix IRQ cleanup on 6xxx probe failure

When adf_dev_up() partially completes and then fails, the IRQ
handlers registered during adf_isr_resource_alloc() are not detached
before the MSI-X vectors are released.

Since the device is enabled with pcim_enable_device(), calling
pci_alloc_irq_vectors() internally registers pcim_msi_release() as a
devres action. On probe failure, devres runs pcim_msi_release() which
calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ
handlers (for example 'qat0-bundle0') are still attached. This causes
remove_proc_entry() warnings:

[ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0'

Moving the devm_add_action_or_reset() before adf_dev_up() does not solve
the problem since devres runs in LIFO order and pcim_msi_release(),
registered later inside adf_dev_up(), would still fire before
adf_device_down().

Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to
properly free IRQ handlers before devres releases the MSI-X vectors.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s QAT crypto driver fails to detach registered IRQ handlers when a probe error occurs. Instead, the MSI‑X vectors are freed while handlers remain attached, leaving residual /proc entries such as ‘qat0-bundle0’ and emitting remove_proc_entry warnings. This improper cleanup can leave the kernel in an unstable state and may allow a faulted driver to trigger a kernel panic or degrade system reliability; it matches a resource leakage issue (CWE‑459).

Affected Systems

Any Linux kernel that includes the QAT crypto driver is potentially affected. No specific version range is provided, so all distributions shipping the kernel with the qat driver may be vulnerable until a kernel update containing the fix is applied.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate vulnerability. The EPSS score is reported as < 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The exploit is local, requiring privileged or physical access to a QAT device. An attacker that can force the probe to fail during initialization can cause orphaned IRQ handlers and remove_proc_entry warnings, potentially leading to a kernel crash or a degradation of system reliability. Remote exploitation is unlikely, but if the attacker already has privilege, the impact of a denial of service could be severe.

Generated by OpenCVE AI on June 17, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest kernel update or vendor patch that includes the call to adf_dev_down() on probe failure in the QAT driver.
  • If a patch is not yet available, disable the QAT driver or prevent QAT devices from being probed by removing or blacklisting the corresponding modules.
  • On systems that must keep the driver, monitor system logs for remove_proc_entry warnings and perform a hotplug reset or kernel reboot if such warnings appear to ensure the device is cleanly removed.

Generated by OpenCVE AI on June 17, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 01:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 28 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-676

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 27 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-676

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix IRQ cleanup on 6xxx probe failure When adf_dev_up() partially completes and then fails, the IRQ handlers registered during adf_isr_resource_alloc() are not detached before the MSI-X vectors are released. Since the device is enabled with pcim_enable_device(), calling pci_alloc_irq_vectors() internally registers pcim_msi_release() as a devres action. On probe failure, devres runs pcim_msi_release() which calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ handlers (for example 'qat0-bundle0') are still attached. This causes remove_proc_entry() warnings: [ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0' Moving the devm_add_action_or_reset() before adf_dev_up() does not solve the problem since devres runs in LIFO order and pcim_msi_release(), registered later inside adf_dev_up(), would still fire before adf_device_down(). Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to properly free IRQ handlers before devres releases the MSI-X vectors.
Title crypto: qat - fix IRQ cleanup on 6xxx probe failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:51:23.100Z

Reserved: 2026-05-13T15:03:33.095Z

Link: CVE-2026-46060

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:25.757

Modified: 2026-06-16T01:15:10.283

Link: CVE-2026-46060

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46060 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T01:30:05Z

Weaknesses