HOMEVULNERABILITIESCVE-2026-46141
NONE

CVE-2026-46141

Published: May 28, 2026· Updated: May 28, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.3th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

powerpc/xive: fix kmemleak caused by incorrect chip_data lookup

The kmemleak reports the following memory leak:

Unreferenced object 0xc0000002a7fbc640 (size 64):

comm "kworker/8:1", pid 540, jiffies 4294937872

hex dump (first 32 bytes):

01 00 00 00 00 00 00 00 00 00 09 04 00 04 00 00 ................

00 00 a7 81 00 00 0a c0 00 00 08 04 00 04 00 00 ................

backtrace (crc 177d48f6):

__kmalloc_cache_noprof+0x520/0x730

xive_irq_alloc_data.constprop.0+0x40/0xe0

xive_irq_domain_alloc+0xd0/0x1b0

irq_domain_alloc_irqs_parent+0x44/0x6c

pseries_irq_domain_alloc+0x1cc/0x354

irq_domain_alloc_irqs_parent+0x44/0x6c

msi_domain_alloc+0xb0/0x220

irq_domain_alloc_irqs_locked+0x138/0x4d0

__irq_domain_alloc_irqs+0x8c/0xfc

__msi_domain_alloc_irqs+0x214/0x4d8

msi_domain_alloc_irqs_all_locked+0x70/0xf8

pci_msi_setup_msi_irqs+0x60/0x78

__pci_enable_msix_range+0x54c/0x98c

pci_alloc_irq_vectors_affinity+0x16c/0x1d4

nvme_pci_enable+0xac/0x9c0 [nvme]

nvme_probe+0x340/0x764 [nvme]

This occurs when allocating MSI-X vectors for an NVMe device. During

allocation the XIVE code creates a struct xive_irq_data and stores it

in irq_data->chip_data.

When the MSI-X irqdomain is later freed, xive_irq_free_data() is

responsible for retrieving this structure and freeing it. However,

after commit cc0cc23babc9 ("powerpc/xive: Untangle xive from child

interrupt controller drivers"), xive_irq_free_data() retrieves the

chip_data using irq_get_chip_data(), which looks up the data through

the child domain.

This is incorrect because the XIVE-specific irq data is associated with

the XIVE (parent) domain. As a result the lookup fails and the allocated

struct xive_irq_data is never freed, leading to the kmemleak report

shown above.

Fix this by retrieving the irq_data from the correct domain using

irq_domain_get_irq_data() and then accessing the chip_data via

irq_data_get_irq_chip_data().

NVD Source

Technical Analysis

CVE-2026-46141 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-46141
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 28, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46141 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.