CVE-2026-46042

MEDIUM

mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <[email protected]>

Scores

CVSS v3 5.5
EPSS 0.0013
EPSS Percentile 2.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-401
Status published
Products (12)
linux/Kernel 6.16.0 - 6.18.27linux
linux/Kernel 6.19.0 - 7.0.4linux
Linux/Linux < 6.16
Linux/Linux 6.16
Linux/Linux 6.18.27 - 6.18.*
Linux/Linux 7.0.4 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc1
Linux/Linux e341f9c3c8412e57fe0042a33a2640245ecdf619 - 39caa9ca863f96b3d00447c5aa200cabda489856
Linux/Linux e341f9c3c8412e57fe0042a33a2640245ecdf619 - 6fae274ce0e3109cbbc4c18b354eaace1f0af7d7
... and 2 more
Published May 27, 2026
Tracked Since May 27, 2026