CVE-2026-46171: Linux RISC-V KVM Vector Context Memory Leak
A memory leak exists in the Linux kernel's RISC-V KVM (virtualization) subsystem. When the kernel attempts to allocate memory for virtual CPU vector context during guest setup, it allocates two separate memory blocks. If the second allocation fails, the first block is not freed, causing a memory leak. This leak occurs in unprivileged code paths and can gradually exhaust kernel memory, leading to system denial of service.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Weaknesses (CWE)
- CWE-401
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_vector_context, the first allocation (guest_context.vector.datap) is leaked. Free it before returning.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46171 is a memory leak vulnerability in kvm_riscv_vcpu_alloc_vector_context within the Linux kernel's RISC-V KVM module. The vulnerability is triggered when the host_context.vector.datap kzalloc call fails after a successful guest_context.vector.datap allocation. The error path does not release the guest context allocation before returning, violating proper resource cleanup patterns. This is classified as CWE-401 (Missing Release of Memory after Effective Lifetime), affecting RISC-V systems running KVM-enabled kernels.
Business impact
On affected systems, repeated virtual machine creation or memory allocation failures could gradually consume kernel memory, eventually causing the hypervisor to become unresponsive or crash. For organizations running RISC-V-based cloud platforms, embedded virtualization, or research systems using KVM, this can lead to service disruptions and denial of service. The impact is greatest in environments where VMs are frequently created and destroyed or where memory is already constrained.
Affected systems
This vulnerability affects Linux kernel installations on RISC-V architectures with KVM support enabled. RISC-V is an open-source instruction set used in embedded systems, research platforms, and emerging server deployments. Standard x86 and ARM systems are not affected. Affected deployments include RISC-V-based hypervisors, research computing clusters using RISC-V KVM, and any RISC-V system hosting multiple virtual machines.
Exploitability
Exploitation requires local system access (AV:L) and Linux user privileges (PR:L) to trigger VM creation operations. An attacker cannot remotely exploit this vulnerability. The attack does not require user interaction and affects the availability of system resources. Exploitation is straightforward—repeatedly creating and destroying virtual machines or triggering vector context allocation failures will gradually leak memory. However, the impact manifests over time rather than through immediate critical damage.
Remediation
Apply the kernel patch that adds proper memory deallocation in the error path of kvm_riscv_vcpu_alloc_vector_context. The fix ensures that guest_context.vector.datap is freed if host_context.vector.datap allocation fails. Verify the patch is included in your kernel version by consulting vendor advisories or kernel release notes. Systems already running patched kernels derived from upstream kernel fixes (post-June 2026) should be protected.
Patch guidance
Check your kernel version against vendor advisories for the specific RISC-V KVM memory leak fix. Upstream Linux kernel patches addressing this issue should be available in stable release branches. For distributions (e.g., Linux distributions supporting RISC-V), monitor security bulletins and apply kernel updates when available. Rebuild or update the kernel, test VM creation in non-production environments first, and schedule production updates during maintenance windows. Verify the fix by confirming the error path cleanup code is present in your kernel source.
Detection guidance
Monitor kernel memory usage on RISC-V systems running KVM, particularly non-reclaimable kernel memory (/proc/meminfo MemAvailable and Slab metrics). Sustained memory growth during VM lifecycle operations (creation/deletion) may indicate the leak. Enable KVM event tracing to correlate memory pressure with vcpu_alloc failures. Log kernel allocation errors (dmesg) for kvm_riscv_vcpu_alloc_vector_context failures. Alert on abnormal kernel memory exhaustion patterns that precede system hangs.
Why prioritize this
Although the CVSS score is moderate (5.5), this vulnerability merits prompt patching because it affects system stability and can cascade across virtualized infrastructure. RISC-V KVM deployments, while currently smaller than x86 or ARM, are growing in research and embedded markets. The simplicity of triggering the leak and the potential for compound effects in multi-tenant environments justify treating this as medium-high priority for affected operators.
Risk score, explained
The CVSS:3.1 score of 5.5 (MEDIUM) reflects local attack vector, low privileges required, and high availability impact (denial of service through resource exhaustion). The score does not account for the incremental nature of the leak or ecosystem-specific concentration in emerging RISC-V platforms. Organizations with heavy RISC-V KVM workloads should treat this as more critical than the base score suggests.
Frequently asked questions
Does this vulnerability affect my x86 or ARM Linux systems?
No. This vulnerability is specific to the RISC-V architecture. x86 and ARM systems running KVM or other hypervisors are not affected. Verify your system's architecture with 'uname -m' to confirm.
Can this be exploited remotely or without local access?
No. The attack vector is local, requiring the ability to execute code with unprivileged user privileges on the system. Remote exploitation is not possible. However, if an attacker already has user-level shell access, they can trigger it.
How long does it take for the memory leak to cause a problem?
The impact depends on your workload. In environments with frequent VM creation/destruction or high-frequency kernel memory allocation, the leak may manifest within hours or days. In stable, static deployments, it may take weeks. Monitoring is recommended rather than assuming extended immunity.
Do I need to reboot after applying the kernel patch?
Yes. Kernel patches require a system reboot to take effect. Plan your update during a maintenance window and test VM functionality after reboot to confirm the fix is active.
This analysis is based on the CVE record and publicly available kernel documentation as of the publication date. Patch availability and version numbers vary by Linux distribution; consult your vendor's security advisory for specific guidance. No exploit code is provided. Organizations should verify their kernel version and apply patches according to their change management procedures. This information is provided for informational purposes and does not constitute professional security advice; engage qualified security personnel for deployment decisions. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-46109MEDIUMLinux Kernel USB ULPI Memory Leak – CVSS 5.5 Medium
- CVE-2026-46141MEDIUMPowerPC XIVE Memory Leak in MSI-X Interrupt Allocation
- CVE-2026-46143MEDIUMLinux QCOM Audio Driver Memory Leak – Availability Risk
- CVE-2026-46147MEDIUMLinux ARM64 KVM vCPU Initialization Pin Leak and Race Condition
- CVE-2026-46151MEDIUMLinux Kernel USB Printer Driver Heap Memory Leak
- CVE-2026-46182MEDIUMLinux Kernel PAPR Hypervisor Pipe Information Disclosure Vulnerability
- CVE-2026-46207MEDIUMLinux vsock/virtio Incomplete Payload Disclosure in Network Monitoring
- CVE-2026-46221MEDIUMLinux Kernel EDAC Versalnet Memory Leak Vulnerability