Description
In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device name memory leak

The device name allocated via kzalloc() in init_one_mc() is assigned to
dev->init_name but never freed on the normal removal path. device_register()
copies init_name and then sets dev->init_name to NULL, so the name pointer
becomes unreachable from the device. Thus leaking memory.

Use a stack-local char array instead of using kzalloc() for name.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The EDAC/versalnet driver in the Linux kernel leaks memory because the device name created with kzalloc() in init_one_mc() is not freed on normal removal. The leaked pointer is lost after device_register() resets dev->init_name to NULL, so the allocated memory becomes unreachable and cannot be reclaimed. This uncontrolled retention of memory, classified as a memory‑leak flaw, can lead to gradual exhaustion of kernel memory if the driver is repeatedly loaded and unloaded, potentially causing service interruptions or a local denial‑of‑service.

Affected Systems

The vulnerability is present in the Linux kernel’s EDAC/versalnet driver. It affected all kernel releases that included the vendor’s versalnet driver before the patch was applied. The specific affected Linux kernel version ranges are not listed in the advisory; administrators should consider any kernel version preceding the commit that introduced stack‑based name allocation.

Risk and Exploitability

The exploit requires local interaction with the kernel to trigger device creation and removal. Because it does not offer remote code execution or privilege escalation, it is considered a low‑to‑moderate risk. The CVSS score is not published and the EPSS score is unavailable, but the issue is not listed in CISA’s KEV catalog, suggesting limited current exploitation. Nonetheless, a memory leak can degrade system stability over time, so remediation through a kernel update is prudent.

Generated by OpenCVE AI on May 28, 2026 at 12:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the versalnet driver memory‑leak fix.
  • Ensure the versalnet driver is compiled from a source tree that incorporates the latest commit fixing the init_name release.
  • Monitor system memory usage for unexpected growth and consider rate‑limiting driver initialization if upgrade delays are unavoidable.

Generated by OpenCVE AI on May 28, 2026 at 12:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_name but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory. Use a stack-local char array instead of using kzalloc() for name.
Title EDAC/versalnet: Fix device name memory leak
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:40:36.679Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46221

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-28T10:16:37.737

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46221

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T15:30:04Z

Weaknesses