CVE-2026-46030 Linux CVE debrief

Who should care

System administrators and security teams managing Linux deployments on AMD/Xilinx Versal NET hardware platforms; kernel maintainers responsible for EDAC subsystem backports; embedded systems developers utilizing the Versal NET EDAC driver for hardware error detection and correction capabilities.

Technical summary

The EDAC (Error Detection and Correction) driver for AMD/Xilinx Versal NET platforms contained a device_node reference leak in its probe function. The `of_parse_phandle()` call in `mc_probe()` returns a reference-counted device_node pointer that requires explicit release via `of_node_put()`. The original implementation failed to release `r5_core_node` on any exit path, resulting in a memory leak. The resolution employs the GCC cleanup attribute `__free(device_node)` to automatically invoke `of_node_put()` when the variable goes out of scope, ensuring deterministic resource cleanup regardless of exit path taken.

Defensive priority

low

Recommended defensive actions

• Review kernel configurations for systems utilizing AMD/Xilinx Versal NET platforms to ensure EDAC driver is updated
• Apply stable kernel updates containing commits 17e136993b2b, 5c709b376460, or b6e61356ad24 as appropriate for your kernel version
• Monitor memory usage on affected systems for signs of gradual exhaustion prior to patching
• Verify that custom kernel builds include the EDAC_VERSALNET driver fix if compiled from source

Evidence notes

The vulnerability description is sourced from the official CVE record and NVD entry. The technical details regarding `of_parse_phandle()` and `__free(device_node)` are derived directly from the CVE description field. Three kernel.org stable tree commits are referenced as evidence of the fix being applied across kernel versions.

Official resources