CVE-2026-46297 - Vulnerability Details

- net: libwx: use request_irq for VF misc interrupt

Description

In the Linux kernel, the following vulnerability has been resolved:

net: libwx: use request_irq for VF misc interrupt

Currently, request_threaded_irq() is used with a primary handler but a
NULL threaded handler, while also setting the IRQF_ONESHOT flag. This
specific combination triggers a WARNING since the commit aef30c8d569c
("genirq: Warn about using IRQF_ONESHOT without a threaded handler").

WARNING: kernel/irq/manage.c:1502 at __setup_irq+0x4fa/0x760

Fix the issue by switching to request_irq(), which is the appropriate
interface or a non-threaded interrupt handler, and removing the
unnecessary IRQF_ONESHOT flag.

Published: 2026-06-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel commit that triggered this CVE replaced an incorrect use of request_threaded_irq()—which was supplied with a NULL threaded handler and the IRQF_ONESHOT flag—by a proper request_irq() call or a non-threaded handler. The combination previously caused a kernel warning but does not expose an escalation or denial‑of‑service vector. The flaw falls under CWE‑628, reflecting misuse of an API that could lead to instability rather than a direct vulnerability.

Affected Systems

All Linux kernel releases that include the libwx VF misc interrupt implementation prior to the patch. The affected vendor is the Linux kernel project, and any derivative distributions that ship the unpatched kernel version are also implicated.

Risk and Exploitability

Because the issue manifests only as a kernel warning and the EPSS score is unavailable, there is little evidence of exploitation. The vulnerability is not listed in the CISA KEV catalog, further indicating low likelihood of attack. Applying the patch removes the warning and restores correct interrupt handling, eliminating any indirect impact on system stability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`eb4898fde1de8cf09f8a6b344dbd87536e0b1170`	affected	< 1bca036fe3607182c21f05e2b262167edbef086c
`eb4898fde1de8cf09f8a6b344dbd87536e0b1170`	affected	< a841574c6e573132681aa57f9b43a0a897a423f6
`eb4898fde1de8cf09f8a6b344dbd87536e0b1170`	affected	< 7a33345153eeeda195c55f15be27074e4c3b5109

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1-rc3`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[eb4898fde1de8cf09f8a6b344dbd87536e0b1170,1bca036fe3607182c21f05e2b262167edbef086c)`	affected	code_commit	—
`[eb4898fde1de8cf09f8a6b344dbd87536e0b1170,a841574c6e573132681aa57f9b43a0a897a423f6)`	affected	code_commit	—
`[eb4898fde1de8cf09f8a6b344dbd87536e0b1170,7a33345153eeeda195c55f15be27074e4c3b5109)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.17`	affected	generic	—
`[0,6.17)`	unaffected	semver	—
`[6.18.30,6.19.0)`	unaffected	semver	—
`[7.0.7,7.1.0)`	unaffected	semver	—
`[7.1-rc3,*)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version containing the commit that changes the interrupt registration to use request_irq() or a non‑threaded handler and removes the unnecessary IRQF_ONESHOT flag.
If the kernel cannot be upgraded promptly, modify any custom driver code that invokes VF misc interrupts to adopt request_irq() without the IRQF_ONESHOT flag or use an alternative non‑threaded handler.
Continuously monitor kernel logs for WARN records related to VF misc interrupts to confirm resolution and detect any regressions.

Generated by OpenCVE AI on June 9, 2026 at 02:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1bca036fe3607182c21f05e2b262167edbef086c
https://git.kernel.org/stable/c/7a33345153eeeda195c55f15be27074e4c3b5109
https://git.kernel.org/stable/c/a841574c6e573132681aa57f9b43a0a897a423f6
https://lore.kernel.org/linux-cve-announce/2026060858-CVE-2026-46297-975a@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46297
https://www.cve.org/CVERecord?id=CVE-2026-46297

History

Tue, 09 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-628
References		https://lore.kernel.org/linux-cve-announce/2026060858-CVE-2026-46297-975a@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46297 https://www.cve.org/CVERecord?id=CVE-2026-46297

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: libwx: use request_irq for VF misc interrupt Currently, request_threaded_irq() is used with a primary handler but a NULL threaded handler, while also setting the IRQF_ONESHOT flag. This specific combination triggers a WARNING since the commit aef30c8d569c ("genirq: Warn about using IRQF_ONESHOT without a threaded handler"). WARNING: kernel/irq/manage.c:1502 at __setup_irq+0x4fa/0x760 Fix the issue by switching to request_irq(), which is the appropriate interface or a non-threaded interrupt handler, and removing the unnecessary IRQF_ONESHOT flag.
Title		net: libwx: use request_irq for VF misc interrupt
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1bca036fe3607182c21f05e2b262167edbef086c https://git.kernel.org/stable/c/7a33345153eeeda195c55f15be27074e4c3b5109 https://git.kernel.org/stable/c/a841574c6e573132681aa57f9b43a0a897a423f6

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:46:24.446Z

Updated: 2026-06-08T15:46:24.446Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46297

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:48.160

Modified: 2026-06-08T17:16:48.160

Link: CVE-2026-46297

Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46297 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T03:00:14Z

Weaknesses

CWE-628

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object