CVE-2026-46042
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()
weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks:
When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state.
When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop.
Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode.
Reviewed by: Donet Tom <donettom@linux.ibm.com>
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | e341f9c3c8412e57fe0042a33a2640245ecdf619 < c42a7efb9060d89b72708ffaf255d0002c2164a7 | affected |
| Linux | Linux | e341f9c3c8412e57fe0042a33a2640245ecdf619 < 39caa9ca863f96b3d00447c5aa200cabda489856 | affected |
| Linux | Linux | e341f9c3c8412e57fe0042a33a2640245ecdf619 < 6fae274ce0e3109cbbc4c18b354eaace1f0af7d7 | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 6.18.27 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/c42a7efb9060d89b72708ffaf255d0002c2164a7
- https://git.kernel.org/stable/c/39caa9ca863f96b3d00447c5aa200cabda489856
- https://git.kernel.org/stable/c/6fae274ce0e3109cbbc4c18b354eaace1f0af7d7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.