PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46044 Linux CVE debrief

A resource leak vulnerability exists in the Linux kernel's IPMI SSIF (SMBus System Interface) driver. If an error occurs after the SSIF kernel thread is created but before the main IPMI code starts the SSIF interface, the kernel thread is not stopped, leaving a dangling kthread. Repeated error conditions can lead to resource exhaustion or system instability. The vulnerability has been resolved by stopping the kthread on error paths if it is running.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

System administrators managing servers with IPMI SSIF interfaces, Linux distribution maintainers, and organizations running custom kernel builds with IPMI support should prioritize this patch to prevent potential resource exhaustion in error scenarios.

Technical summary

The IPMI SSIF driver in the Linux kernel creates a kernel thread during initialization. If an error occurs after kthread creation but before the SSIF interface is fully started by the main IPMI code, the error handling path fails to stop the created kthread. This results in a resource leak where the kthread continues running without proper cleanup. The fix ensures that kthread_stop() is called on the error path when the thread is running, preventing the resource leak.
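
The bug class described above, shown as an added userspace model using pthreads. This is not code from the kernel driver or from the upstream patch, and every name in it (`struct dev`, `setup`, `stop_worker`, `live_worker_count`) is hypothetical. The `fixed` flag switches between the leaky error path and the one that stops the worker before returning.

```c
/* Userspace model of the error path; not kernel code. All names are hypothetical. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdbool.h>

static atomic_int live_workers;            /* threads created and not yet joined */

struct dev {
    pthread_t thread;
    bool thread_started;                   /* true only while a worker exists */
    atomic_bool stop;
};

static void *worker(void *arg)
{
    struct dev *d = arg;
    while (!atomic_load(&d->stop))         /* analogue of a kthread_should_stop() loop */
        sched_yield();
    return NULL;
}

/* Analogue of kthread_stop(): signal the worker, then wait for it to exit. */
static void stop_worker(struct dev *d)
{
    if (!d->thread_started)                /* only stop a thread that is running */
        return;
    atomic_store(&d->stop, true);
    pthread_join(d->thread, NULL);
    d->thread_started = false;
    atomic_fetch_sub(&live_workers, 1);
}

/* Model of setup: start the worker, then run a later step that may fail. */
static int setup(struct dev *d, bool later_step_fails, bool fixed)
{
    atomic_init(&d->stop, false);
    d->thread_started = false;
    if (pthread_create(&d->thread, NULL, worker, d) != 0)
        return -1;
    d->thread_started = true;
    atomic_fetch_add(&live_workers, 1);

    if (later_step_fails) {                /* error after thread creation */
        if (fixed)
            stop_worker(d);                /* fixed path: stop before returning */
        return -1;                         /* leaky path: worker keeps running */
    }
    return 0;
}

int live_worker_count(void) { return atomic_load(&live_workers); }
```
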

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patches from the 5.15, 6.1, and 6.6 stable trees once available through your distribution's security channel
  • Monitor NVD for CVSS scoring updates as analysis progresses
  • Review systems using IPMI SSIF interfaces for kernel thread resource usage if experiencing stability issues
  • Verify kernel thread cleanup behavior in custom IPMI SSIF driver implementations if maintaining out-of-tree code

Evidence notes

The vulnerability description is sourced from the official CVE record and NVD entry. Three kernel.org stable tree commits are referenced as the resolution. No CVSS score or severity rating has been assigned by NVD at this time (status: Awaiting Analysis). The vendor identification is marked as low confidence and requires review, though the source references clearly indicate the Linux kernel.

Official resources

The vulnerability was disclosed via the Linux kernel stable tree with patches published on 2026-05-27. The CVE record was published on 2026-05-27T14:17:23.853Z and last modified on 2026-05-27T14:48:03.013Z.