PatchSiren

CVE-2026-46042 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's memory policy subsystem, specifically within the weighted_interleave_auto_store() function in mm/mempolicy.c. The flaw stems from improper placement of a pointer fetch operation that leaves allocated memory unreleased under specific input conditions. When a user writes 'false' to the weighted interleave auto control while the current mode is already manual, the function returns early without freeing the newly allocated new_wi_state structure. Additionally, when a user writes 'true', the old_wi_state pointer remains NULL because the fetch is skipped, causing the previous state to be overwritten by rcu_assign_pointer() without being freed. This second leak can be triggered repeatedly by writing '1' in a loop, leading to gradual memory exhaustion. The vulnerability affects kernel memory management operations and could potentially degrade system performance or cause resource exhaustion on affected systems. The fix involves unconditionally fetching old_wi_state before the input validation check, enabling proper cleanup in all code paths and allowing unified early returns when the requested mode matches the current mode.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, kernel maintainers, cloud infrastructure operators running containerized workloads with custom memory policies, and security teams monitoring for local denial-of-service conditions through resource exhaustion.

Technical summary

The weighted_interleave_auto_store() function in mm/mempolicy.c contains a logic error: old_wi_state is fetched only inside the if (!input) conditional block. This placement creates two distinct memory leak paths: (1) the early return on 'false' input when already in manual mode leaves new_wi_state unfreed, and (2) the 'true' input path skips the old_wi_state fetch entirely, so the previous state is overwritten without being freed when rcu_assign_pointer() executes, because cleanup is gated on old_wi_state being non-NULL. The second path is repeatable via looped writes. The fix relocates the old_wi_state fetch to precede input validation, making cleanup unconditional and enabling a unified early return for mode-match scenarios.
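The two leak paths and the fix described above, as an added userspace C model; it is not the kernel's code and does not come from the CVE record. The struct wi_state type, its mode_auto field, the allocation counter and the store_buggy, store_fixed and leaked_after helpers are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct wi_state { bool mode_auto; };       /* assumed shape of the state object */
static struct wi_state *cur_state;         /* stands in for the RCU-published pointer */
static long live_allocs;                   /* allocations not yet freed */

static struct wi_state *state_alloc(bool mode_auto) {
    struct wi_state *s = calloc(1, sizeof(*s));
    if (!s) abort();
    s->mode_auto = mode_auto;
    live_allocs++;
    return s;
}
static void state_free(struct wi_state *s) { if (s) { free(s); live_allocs--; } }

/* Flawed shape from the description: old state fetched only when !input. */
static void store_buggy(bool input) {
    struct wi_state *new_state = state_alloc(input), *old_state = NULL;
    if (!input) {
        old_state = cur_state;
        if (old_state && !old_state->mode_auto)
            return;                        /* leak 1: new_state is dropped */
    }
    cur_state = new_state;                 /* models rcu_assign_pointer() */
    state_free(old_state);                 /* leak 2: NULL on 'true', nothing freed */
}

/* Fixed shape: fetch first, one early return when the mode already matches. */
static void store_fixed(bool input) {
    struct wi_state *new_state = state_alloc(input), *old_state = cur_state;
    if (old_state && old_state->mode_auto == input) {
        state_free(new_state);
        return;
    }
    cur_state = new_state;
    state_free(old_state);                 /* real RCU code defers this past a grace period */
}

/* Start in manual mode, write `input` n times, return leaked allocations. */
long leaked_after(void (*store)(bool), bool input, int n) {
    live_allocs = 0;
    cur_state = state_alloc(false);
    for (int i = 0; i < n; i++) store(input);
    return live_allocs - 1;                /* exactly one state should remain live */
}

int main(void) {
    printf("buggy leaks: %ld %ld\n", leaked_after(store_buggy, false, 5), leaked_after(store_buggy, true, 5));
    printf("fixed leaks: %ld %ld\n", leaked_after(store_fixed, false, 5), leaked_after(store_fixed, true, 5));
    return 0;
}
```

In the model every write through the flawed shape strands one allocation on either path, while the fixed shape leaves only the single live state no matter how many times the same value is written.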

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable tree commits once available for your distribution
  • Monitor for updated kernel packages from Linux distribution vendors
  • Review systems for unusual memory consumption patterns in kernel space
  • Consider restricting access to /sys filesystem nodes related to memory policy configuration where possible
  • Audit privileged user activities that may interact with weighted interleave memory policy controls

Evidence notes

The vulnerability description is sourced directly from the official CVE record published by NVD. The technical details regarding the memory leak conditions and fix approach are derived from the CVE description field. Three kernel.org stable tree commits are referenced as source material. The review attribution to Donet Tom from IBM is present in the source description.

Official resources

The vulnerability was disclosed via the Linux kernel stable tree with patches published on May 27, 2026. The issue was identified and resolved by kernel developers, with review from Donet Tom at IBM. The CVE was published by NVD on May 27,