Description
In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device name memory leak

The device name allocated via kzalloc() in init_one_mc() is assigned to
dev->init_name but never freed on the normal removal path. device_register()
copies init_name and then sets dev->init_name to NULL, so the name pointer
becomes unreachable from the device. Thus leaking memory.

Use a stack-local char array instead of using kzalloc() for name.
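
The leak described above, modeled in userspace C as an added example; it is not the kernel patch or the driver's code. The `model_*` functions, the fixed-size pool and the `mc%d` name are assumptions made for illustration, and `model_register()` mimics only the copy-then-clear handling of `init_name` that the description attributes to device_register().

```c
/* Userspace model of the init_name leak; no kernel APIs are called. */
#include <stdio.h>
#include <string.h>
#define SLOTS 16      /* tiny fixed pool standing in for kernel memory */
#define NAME_SZ 32
static char pool[SLOTS][NAME_SZ];
static int used[SLOTS];
static char *model_alloc(void) {             /* stand-in for kzalloc() */
    for (int i = 0; i < SLOTS; i++)
        if (!used[i]) { used[i] = 1; memset(pool[i], 0, NAME_SZ); return pool[i]; }
    return NULL;                             /* pool exhausted */
}
static void model_free(char *p) {            /* stand-in for kfree() */
    for (int i = 0; i < SLOTS; i++) if (p == pool[i]) used[i] = 0;
}

struct model_dev { const char *init_name; char *name; };
/* Copies init_name into core-owned storage, then clears the pointer. */
static int model_register(struct model_dev *d) {
    if (!(d->name = model_alloc())) return -1;
    snprintf(d->name, NAME_SZ, "%s", d->init_name);
    d->init_name = NULL;                     /* caller's buffer is now unreachable via d */
    return 0;
}
static void model_unregister(struct model_dev *d) { model_free(d->name); d->name = NULL; }
/* One probe/remove cycle; heap_name=1 is the pre-fix pattern, 0 the fix. */
static void cycle(int idx, int heap_name) {
    struct model_dev d = {0};
    char stack_name[NAME_SZ];
    char *name = heap_name ? model_alloc() : stack_name;
    if (!name) return;
    snprintf(name, NAME_SZ, "mc%d", idx);    /* constructed device name */
    d.init_name = name;
    if (model_register(&d) == 0)
        model_unregister(&d);                /* frees the copy, never `name` */
}

/* Pool slots still in use after n cycles, starting from an empty pool. */
static int leaked_after(int n, int heap_name) {
    int live = 0;
    memset(used, 0, sizeof(used));
    for (int i = 0; i < n; i++) cycle(i, heap_name);
    for (int i = 0; i < SLOTS; i++) live += used[i];
    return live;
}
int main(void) {
    printf("pre-fix: %d leaked, fixed: %d leaked\n", leaked_after(5, 1), leaked_after(5, 0));
    return 0;
}
```

With the heap-allocated name, every cycle strands one slot until the pool is exhausted and later allocations fail; with the stack-local name nothing outlives the cycle.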
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The EDAC/versalnet driver in the Linux kernel leaks memory because the device name allocated with kzalloc() in init_one_mc() is not freed on normal removal. device_register() resets dev->init_name to NULL, so the pointer is lost and the allocated memory becomes unreachable and cannot be reclaimed. This memory-leak flaw can lead to gradual exhaustion of kernel memory if the driver is repeatedly loaded and unloaded, potentially causing service interruptions or a local denial-of-service. Based on the description, it is inferred that repeatedly loading and unloading the unpatched driver allocates memory that is never freed, which over time can degrade overall system stability.

Affected Systems

The vulnerability is present in the Linux kernel’s EDAC/versalnet driver. It affected all kernel releases that included the vendor’s versalnet driver before the patch was applied. Administrators should consider any kernel version preceding the commit that introduced stack‑based name allocation as potentially vulnerable.

Risk and Exploitability

The exploit requires local interaction with the kernel to trigger device creation and removal. Because it does not offer remote code execution or privilege escalation, it is considered a low‑to‑moderate risk. The EPSS score is < 1%, it is not listed in CISA’s KEV catalog, and the CVSS score is 5.5. Based on the description, it is inferred that a memory leak can degrade system stability over time, potentially leading to service interruptions, so remediation through a kernel update is prudent.

Generated by OpenCVE AI on June 10, 2026 at 20:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the versalnet driver memory‑leak fix.
  • Ensure the versalnet driver is compiled from a source tree that incorporates the latest commit fixing the init_name release.
  • Monitor system memory usage for unexpected growth and consider rate‑limiting driver initialization if upgrade delays are unavoidable.



Advisories

No advisories yet.

History

Wed, 10 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Fri, 29 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 29 May 2026 00:15:00 +0000


Thu, 28 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_name but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory. Use a stack-local char array instead of using kzalloc() for name.
Title EDAC/versalnet: Fix device name memory leak
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:03:43.057Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46221

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:37.737

Modified: 2026-06-10T18:45:45.590

Link: CVE-2026-46221

Red Hat

Severity:

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46221 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T20:45:40Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-772

    Missing Release of Resource after Effective Lifetime