CVE-2026-46141
A memory leak vulnerability exists in the Linux kernel's PowerPC XIVE interrupt handling code. When allocating MSI-X interrupt vectors for NVMe devices, the kernel creates interrupt data structures but fails to properly clean them up when the interrupt domain is freed. This occurs because the code looks for the data in the wrong place during cleanup, causing allocated memory to be abandoned. While this is a localized memory management issue, repeated device allocation and deallocation cycles could gradually consume system memory and degrade performance.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-401
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-24
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: fix kmemleak caused by incorrect chip_data lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 (size 64): comm "kworker/8:1", pid 540, jiffies 4294937872 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00 ................ 00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00 ................ backtrace (crc 177d48f6): __kmalloc_cache_noprof+0x520/0x730 xive_irq_alloc_data.constprop.0+0x40/0xe0 xive_irq_domain_alloc+0xd0/0x1b0 irq_domain_alloc_irqs_parent+0x44/0x6c pseries_irq_domain_alloc+0x1cc/0x354 irq_domain_alloc_irqs_parent+0x44/0x6c msi_domain_alloc+0xb0/0x220 irq_domain_alloc_irqs_locked+0x138/0x4d0 __irq_domain_alloc_irqs+0x8c/0xfc __msi_domain_alloc_irqs+0x214/0x4d8 msi_domain_alloc_irqs_all_locked+0x70/0xf8 pci_msi_setup_msi_irqs+0x60/0x78 __pci_enable_msix_range+0x54c/0x98c pci_alloc_irq_vectors_affinity+0x16c/0x1d4 nvme_pci_enable+0xac/0x9c0 [nvme] nvme_probe+0x340/0x764 [nvme] This occurs when allocating MSI-X vectors for an NVMe device. During allocation the XIVE code creates a struct xive_irq_data and stores it in irq_data->chip_data. When the MSI-X irqdomain is later freed, xive_irq_free_data() is responsible for retrieving this structure and freeing it. However, after commit cc0cc23babc9 ("powerpc/xive: Untangle xive from child interrupt controller drivers"), xive_irq_free_data() retrieves the chip_data using irq_get_chip_data(), which looks up the data through the child domain. This is incorrect because the XIVE-specific irq data is associated with the XIVE (parent) domain. As a result the lookup fails and the allocated struct xive_irq_data is never freed, leading to the kmemleak report shown above. Fix this by retrieving the irq_data from the correct domain using irq_domain_get_irq_data() and then accessing the chip_data via irq_data_get_irq_chip_data().
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46141 is a memory leak (CWE-401) in the PowerPC XIVE interrupt controller subsystem. The vulnerability stems from an incorrect chip_data lookup in xive_irq_free_data() introduced after commit cc0cc23babc9. When MSI-X interrupt domains are freed, the function uses irq_get_chip_data() to retrieve XIVE-specific interrupt data, but this API searches the child domain hierarchy rather than the parent XIVE domain where the data was stored during allocation. As a result, the xive_irq_data structure allocated during irq_domain_alloc is never freed. The fix involves using irq_domain_get_irq_data() to access the correct domain context and irq_data_get_irq_chip_data() to retrieve the chip data from the proper irq_data structure.
Business impact
This vulnerability primarily affects PowerPC-based systems using the XIVE interrupt controller—such as IBM POWER systems—that deploy NVMe storage devices. The memory leak compounds with each MSI-X device allocation, potentially causing gradual memory exhaustion and performance degradation over time, especially in data center environments with frequent device hot-swapping or virtualized workloads. While not immediately catastrophic, sustained operation could lead to system instability and service interruptions. The impact is limited to PowerPC architectures and does not affect x86 or ARM systems.
Affected systems
Linux kernel running on PowerPC processors that use the XIVE interrupt controller, particularly when NVMe devices are attached and MSI-X vectors are allocated. This includes IBM POWER8, POWER9, and POWER10 systems. The vulnerability does not affect other processor architectures (x86, ARM, etc.) or systems using alternative interrupt controllers.
Exploitability
This is not an exploitable vulnerability in the traditional sense. It is a memory management bug that cannot be leveraged for code execution, privilege escalation, or information disclosure. An unprivileged local user could potentially trigger the leak by repeatedly attaching and detaching NVMe devices if they have physical access or appropriate virtualization permissions, but no active exploitation method exists. The vulnerability is self-contained within kernel memory management and poses no direct security threat—only a reliability and resource availability risk.
Remediation
Apply the kernel patch that corrects the chip_data lookup in xive_irq_free_data() to use the proper domain context. Verify the fix against your Linux distribution's kernel advisory, as the patch version will depend on your release cycle. For systems unable to patch immediately, limit the frequency of MSI-X device attach/detach operations to minimize cumulative memory leak impact.
Patch guidance
Monitor your Linux distribution's security advisory channels and kernel repositories for the backported fix. For RHEL, Fedora, Ubuntu, and other major distributions, check their respective kernel security advisories referencing CVE-2026-46141. Apply the patch during a scheduled maintenance window, as kernel updates require a reboot. Verify the patch is included in your kernel's release notes before deployment. If you maintain custom kernel builds, ensure the fix from the Linux kernel mainline is incorporated into your build process.
Detection guidance
Monitor system memory usage trends on PowerPC systems with attached NVMe devices, particularly looking for unexplained gradual memory consumption over time. Use kmemleak reporting (if enabled in kernel config) to confirm xive_irq_data allocations without corresponding frees. In production, enable memory pressure monitoring and alerting on systems where MSI-X devices are routinely added or removed. Correlation of memory leaks with NVMe device attachment/detachment cycles on PowerPC architecture is a strong indicator of this vulnerability.
Why prioritize this
Although rated MEDIUM severity due to its confidentiality/integrity impact score of 0, the vulnerability merits prompt but not emergency patching. It affects a specific hardware subset (PowerPC + XIVE + NVMe) that is less common in typical enterprise environments but critical in specialized deployments like IBM Power Systems data centers. The cumulative nature of the memory leak makes earlier patching preferable to prevent long-term system degradation. Prioritize systems with high MSI-X device churn or constrained memory budgets.
Risk score, explained
The CVSS 3.1 score of 5.5 MEDIUM reflects a local attack vector requiring user privileges, no special access complexity, and impact limited to availability through resource exhaustion (memory leak). There is no direct impact to confidentiality or integrity. The score appropriately captures that this is a reliability issue rather than a security breach vector, but the cumulative nature of memory leaks warrants timely remediation to prevent production outages.
Frequently asked questions
Does this vulnerability affect my x86 or ARM Linux systems?
No. CVE-2026-46141 is specific to PowerPC processors using the XIVE interrupt controller. x86, ARM, and other architectures are unaffected. If your environment is exclusively x86 or ARM-based, this CVE does not require action.
Can this vulnerability be exploited remotely or to gain elevated privileges?
No. This is a memory leak, not a security boundary violation. It cannot be exploited for remote code execution, privilege escalation, or information disclosure. It can only degrade system availability over time through cumulative memory consumption.
What is the real-world impact if I don't patch?
On affected PowerPC systems with NVMe devices, unpatched kernels will gradually leak memory each time MSI-X interrupt vectors are allocated and freed. Depending on device attachment frequency, you may see measurable memory exhaustion within weeks to months, leading to performance degradation or eventual out-of-memory conditions that require a reboot.
Do I need to reboot after applying the patch?
Yes. Like all kernel patches, this fix requires a reboot to take effect. Plan patching during a scheduled maintenance window. Consider staggering reboots across a fleet if you manage multiple systems.
This analysis is based on available vulnerability data and vendor advisories as of the publication date. CVSS scores and patch availability are subject to change. Organizations should verify all patch version numbers and applicability against official vendor advisories before deployment. This vulnerability intelligence is provided for informational purposes to support security decision-making; it does not constitute official vendor guidance or a substitute for vendor security bulletins. No exploit code or proof-of-concept demonstrations are provided. Always consult your Linux distribution's official security advisory for final remediation and testing recommendations. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-46109MEDIUM
CVE-2026-46109: Linux Kernel USB ULPI Memory Leak – CVSS 5.5 Medium
- CVE-2026-46143MEDIUM
CVE-2026-46143: Linux QCOM Audio Driver Memory Leak – Availability Risk
- CVE-2026-46147MEDIUM
CVE-2026-46147: Linux ARM64 KVM vCPU Initialization Pin Leak and Race Condition
- CVE-2026-46151MEDIUM
CVE-2026-46151: Linux Kernel USB Printer Driver Heap Memory Leak
- CVE-2025-71313MEDIUM
CVE-2025-71313: Linux Kernel PCI Endpoint NULL Pointer Dereference
- CVE-2025-71314MEDIUM
CVE-2025-71314: Linux Panthor GPU Driver Denial of Service via Cache Flush Timeout
- CVE-2026-10004MEDIUM
CVE-2026-10004: Chrome UI Spoofing Vulnerability – Password Dialog Hijacking
- CVE-2026-10018MEDIUM
CVE-2026-10018: Integer Overflow in Chrome ANGLE GPU Graphics Layer