Description
In the Linux kernel, the following vulnerability has been resolved:

riscv: kvm: fix vector context allocation leak

When the second kzalloc (host_context.vector.datap) fails in
kvm_riscv_vcpu_alloc_vector_context, the first allocation
(guest_context.vector.datap) is leaked. Free it before returning.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the RISC‑V KVM implementation within the Linux kernel. When the second memory allocation fails during VCPU vector context creation, the previously allocated memory block is not freed. Each such failure leaves that block allocated, so the leaked memory accumulates over time and can consume kernel memory, potentially leading to resource exhaustion or a denial‑of‑service condition for privileged users. The weakness is a memory leak and an unreleased resource, classified under CWE‑401 and CWE‑772.
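
The failure path described above, as an added example: this is a user-space model, not the kernel source or the upstream patch. `model_zalloc` stands in for `kzalloc` and is made to fail on its second call; `struct vec_ctx`, `alloc_ctx_leaky`, `alloc_ctx_fixed` and `live_after_second_alloc_fails` are hypothetical names.

```c
#include <errno.h>
#include <stdlib.h>
/* User-space model: every name here is hypothetical, not a kernel symbol. */
struct vec_ctx { void *guest_datap, *host_datap; };
static int live_allocs, call_count; /* bookkeeping for the model allocator */

/* Stands in for kzalloc; the second call fails to inject the error. */
static void *model_zalloc(size_t size)
{
	void *p = (++call_count == 2) ? NULL : calloc(1, size);
	live_allocs += (p != NULL);
	return p;
}

/* Pattern described above: the second failure path returns without cleanup. */
static int alloc_ctx_leaky(struct vec_ctx *c, size_t vsize)
{
	c->guest_datap = model_zalloc(vsize);
	if (!c->guest_datap)
		return -ENOMEM;
	c->host_datap = model_zalloc(vsize);
	return c->host_datap ? 0 : -ENOMEM; /* guest_datap stays allocated */
}

/* Corrected pattern: free the first buffer before returning the error. */
static int alloc_ctx_fixed(struct vec_ctx *c, size_t vsize)
{
	c->guest_datap = model_zalloc(vsize);
	if (!c->guest_datap)
		return -ENOMEM;
	c->host_datap = model_zalloc(vsize);
	if (c->host_datap)
		return 0;
	free(c->guest_datap);
	live_allocs--;
	c->guest_datap = NULL; /* nothing stale left for later teardown */
	return -ENOMEM;
}

/* Run one variant with the second allocation failing; return blocks still held. */
int live_after_second_alloc_fails(int use_fixed)
{
	struct vec_ctx c = { 0 };
	live_allocs = call_count = 0;
	int rc = use_fixed ? alloc_ctx_fixed(&c, 4096) : alloc_ctx_leaky(&c, 4096);
	int live = (rc == -ENOMEM) ? live_allocs : -1;
	free(c.guest_datap); /* keep the demo itself from leaking */
	return live;
}
```

Injecting the allocation failure on purpose is the practical way to exercise an error path like this one, since it is rarely reached under normal memory conditions.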

Affected Systems

The vulnerability affects the Linux kernel on RISC‑V based systems that use KVM. No specific version range is given, but any kernel build containing the unpatched vector context allocation code is susceptible. The CPE string references generic linux_kernel, indicating that all variants running on RISC‑V with KVM are at risk until the fix is applied.

Risk and Exploitability

Exploitation requires privileged access to the kernel, as the trigger occurs during VCPU allocation. The EPSS score of < 1% indicates a very low probability of exploitation, but the vulnerability is still exploitable under the right circumstances. The CVSS score of 5.5 indicates a moderate severity rating. The vulnerability is not catalogued in CISA KEV. Given the potential for gradual memory growth, an attacker could repeatedly trigger allocation failures to deplete kernel memory, possibly causing system instability or a crash. Without a public exploit, the risk is moderate to high, depending on the frequency of allocation failures and the overall memory pressure of the host.

Generated by OpenCVE AI on June 11, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a patched version that includes the RISC‑V KVM vector context leak fix as referenced in the commit patches.
  • If an immediate kernel upgrade is not possible, disable or limit the use of vector context allocation for RISC‑V VCPUs, or reduce the number of VCPUs allocated per virtual machine to mitigate the impact.
  • Monitor kernel memory usage and kernel logs for signs of out‑of‑memory conditions or allocation failures that may indicate the leak is still present.


Advisories

No advisories yet.

History

Thu, 11 Jun 2026 12:30:00 +0000

  • Metrics (added): cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Fri, 29 May 2026 00:15:00 +0000


Thu, 28 May 2026 13:15:00 +0000

  • Weaknesses (added): CWE-401

Thu, 28 May 2026 10:15:00 +0000

  • Description (added): In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning.
  • Title (added): riscv: kvm: fix vector context allocation leak
  • First Time appeared (added): Linux; Linux linux Kernel
  • CPEs (added): cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products (added): Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:59:56.976Z

Reserved: 2026-05-13T15:03:33.103Z

Link: CVE-2026-46171

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:32.740

Modified: 2026-06-11T12:19:22.343

Link: CVE-2026-46171

Redhat

Severity:

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46171 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-11T19:45:37Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime