CVE Catalog

CVE-2026-46221

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a memory leak of the device name. The device name allocated via kzalloc() in init_one_mc() is not freed on the normal removal path, leading to a memory leak.

Risk Assessment

Organizations may experience performance issues due to uncontrolled memory consumption, potentially leading to system crashes or slowdowns.

Recommendation

It is recommended to update the Linux kernel to a version where this vulnerability has been fixed to avoid memory leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_name but never freed on the normal removal path. device_register() copies init_name and then sets dev->init_name to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory. Use a stack-local char array instead of using kzalloc() for name.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS