CVE-2026-46171

MEDIUM

riscv: kvm: fix vector context allocation leak

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/bd62c0f61bc722a097417401030c596cea8e21aa

https://git.kernel.org/stable/c/1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98

https://git.kernel.org/stable/c/b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978

Scores

CVSS v3 5.5

EPSS 0.0013

EPSS Percentile 2.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (10)

Linux/Linux < 6.5

Linux/Linux 0f4b82579716b12bb88257bd7ea80f25c791fb2c - 1d57ab45ec5c0e22789de793bcf2a31ad6fb7d98

Linux/Linux 0f4b82579716b12bb88257bd7ea80f25c791fb2c - b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978

Linux/Linux 0f4b82579716b12bb88257bd7ea80f25c791fb2c - bd62c0f61bc722a097417401030c596cea8e21aa

Linux/Linux 6.18.30 - 6.18.*

Linux/Linux 6.5

Linux/Linux 7.0.7 - 7.0.*

Linux/Linux 7.1

Linux/Linux 7.1-rc1

linux/linux_kernel 6.5 - 6.18.30

Published May 28, 2026

Tracked Since May 28, 2026