PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46297 Linux CVE debrief

A vulnerability in the Linux kernel has been resolved. The issue was caused by using request_threaded_irq() with a primary handler but a NULL threaded handler, while also setting the IRQF_ONESHOT flag. This combination triggered a WARNING since the commit aef30c8d569c (genirq: Warn about using IRQF_ONESHOT without a threaded handler). The fix involves switching to request_irq(), which is the appropriate interface for a non-threaded interrupt handler, and removing the unnecessary IRQF_ONESHOT flag.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-08
Original CVE updated
2026-06-08
Advisory published
2026-06-08
Advisory updated
2026-06-08

Who should care

Linux kernel developers and users who rely on the libwx module for VF misc interrupt handling should be aware of this vulnerability and apply the fix to prevent potential issues.

Technical summary

The Linux kernel vulnerability (CVE-2026-46297) was caused by incorrect usage of request_threaded_irq() with a primary handler but a NULL threaded handler, and setting the IRQF_ONESHOT flag. The fix is to use request_irq() and remove the IRQF_ONESHOT flag.

Defensive priority

Medium

Recommended defensive actions

  • Apply the fix by using request_irq() instead of request_threaded_irq() and removing the IRQF_ONESHOT flag.
  • Refer to the official CVE record at resourceLinkAnnotations.cve-org for more information.
  • Check the NVD detail page at resourceLinkAnnotations.nvd for updates and additional resources.

Evidence notes

The vulnerability was discovered in the Linux kernel and resolved by changing the interrupt handling mechanism.

Official resources

CVE-2026-46297 was published on 2026-06-08T17:16:48.160Z and has not been modified since then.