PatchSiren

CVE-2026-46141 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's XIVE (eXternal Interrupt Virtualization Engine) interrupt controller code on PowerPC architectures. The issue was introduced by commit cc0cc23babc9, which refactored XIVE to untangle it from child interrupt controller drivers. Following this change, the `xive_irq_free_data()` function incorrectly retrieves `chip_data` using `irq_get_chip_data()`, which looks up data through the child domain rather than the XIVE parent domain. This causes the lookup to fail when MSI-X irqdomains are freed, leaving allocated `struct xive_irq_data` structures unreleased. The kmemleak manifests during NVMe device initialization when allocating MSI-X vectors, as reported in the kernel commit message. The fix retrieves `irq_data` from the correct domain using `irq_domain_get_irq_data()` and accesses `chip_data` via `irq_data_get_irq_chip_data()`.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Organizations running Linux on IBM Power Systems (PowerPC) with XIVE interrupt virtualization enabled; cloud providers hosting PowerPC-based workloads; kernel maintainers for PowerPC distributions; systems with NVMe storage or other MSI-X-capable PCI devices on affected kernels

Technical summary

The vulnerability is a kernel memory leak in `arch/powerpc/sysdev/xive/common.c`. The XIVE interrupt controller allocates per-IRQ metadata (`struct xive_irq_data`) during MSI-X vector setup and stores it in `irq_data->chip_data`. When freeing, `xive_irq_free_data()` must retrieve this structure to `kfree()` it. Post-refactoring, the function used `irq_get_chip_data()`, which traverses the wrong irqdomain hierarchy, returning NULL. The allocated 64-byte structures accumulate, reported by kmemleak during NVMe probe operations. The fix uses `irq_domain_get_irq_data(xive_domain, hwirq)` to obtain the correct `irq_data`, then `irq_data_get_irq_chip_data()` to access `chip_data` for proper deallocation.
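The lookup mismatch described above, as an added user-space model (not kernel code and not the upstream patch). The three helper names mirror the kernel functions named in the summary, but here they are simplified stand-ins that take the top-level `irq_data` instead of an IRQ number; `lookup_before_fix`, `lookup_after_fix` and `leaked_after` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
/* User-space stand-ins for the kernel types, reduced to what the bug needs. */
struct irq_domain { const char *name; };
struct irq_data {
    struct irq_domain *domain;
    void *chip_data;
    struct irq_data *parent_data;        /* next level toward the parent domain */
};
struct xive_irq_data { char pad[64]; };  /* 64-byte object, per the summary */
static struct irq_domain xive_domain = { "xive" }, msi_domain = { "msi" };
/* Model of irq_get_chip_data(): sees only the outermost (child) level. */
static void *irq_get_chip_data(struct irq_data *top) { return top->chip_data; }
/* Model of irq_domain_get_irq_data(): walk to the level owned by `dom`. */
static struct irq_data *irq_domain_get_irq_data(struct irq_domain *dom, struct irq_data *top)
{
    for (struct irq_data *d = top; d; d = d->parent_data)
        if (d->domain == dom) return d;
    return NULL;
}
static void *irq_data_get_irq_chip_data(struct irq_data *d) { return d->chip_data; }

/* Before the fix: the child-level lookup returns NULL for an MSI-X interrupt. */
static void *lookup_before_fix(struct irq_data *top) { return irq_get_chip_data(top); }
/* After the fix: take irq_data from the XIVE domain, then read its chip_data. */
static void *lookup_after_fix(struct irq_data *top)
{
    struct irq_data *d = irq_domain_get_irq_data(&xive_domain, top);
    return d ? irq_data_get_irq_chip_data(d) : NULL;
}

/* Run alloc/free cycles for one MSI-X vector; return how many objects leaked. */
static int leaked_after(int cycles, int fixed)
{
    int leaked = 0;
    for (int i = 0; i < cycles; i++) {
        struct irq_data xive = { &xive_domain, calloc(1, sizeof(struct xive_irq_data)), NULL };
        struct irq_data msi = { &msi_domain, NULL, &xive };   /* child on top */
        void *xd = fixed ? lookup_after_fix(&msi) : lookup_before_fix(&msi);
        if (!xd) leaked++;               /* free path finds nothing to kfree() */
        free(xive.chip_data);            /* model cleanup (same pointer as xd when found) */
    }
    return leaked;
}

int main(void)
{
    printf("leaked before fix: %d, after fix: %d\n", leaked_after(8, 0), leaked_after(8, 1));
}
```

In the model every allocate/free cycle leaks one object with the pre-fix lookup and none with the corrected one, which matches the accumulation kmemleak reports.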

Defensive priority

medium

Recommended defensive actions

  • Apply the stable kernel patches referenced in the CVE record to affected PowerPC systems running kernels containing commit cc0cc23babc9
  • Monitor kernel memory usage on PowerPC XIVE systems using kmemleak or similar tools to detect unfreed xive_irq_data structures
  • Prioritize patching on systems with high NVMe device churn or frequent PCI hotplug operations where MSI-X allocation/deallocation cycles are common
  • Verify patch application by checking that xive_irq_free_data() uses irq_domain_get_irq_data() with the XIVE domain rather than irq_get_chip_data()

Evidence notes

The vulnerability description is sourced from the official Linux kernel commit message resolving the issue, published 2026-05-28. The fix is confirmed by three stable kernel commits. No CVSS score has been assigned by NVD (status: Awaiting Analysis). The issue affects PowerPC systems using XIVE interrupt virtualization, specifically during MSI-X vector allocation/deallocation for PCI devices.
