CVE-2026-46196

Summary

In the Linux kernel, the following vulnerability has been resolved:

tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()

When a tracepoint goes through the 0 -> 1 transition, tracepoint_add_func() invokes the subsystem's ext->regfunc() before attempting to install the new probe via func_add(). If func_add() then fails (for example, when allocate_probes() cannot allocate a new probe array under memory pressure and returns -ENOMEM), the function returns the error without calling the matching ext->unregfunc(), leaving the side effects of regfunc() behind with no installed probe to justify them.

For syscall tracepoints this is particularly unpleasant: syscall_regfunc() bumps sys_tracepoint_refcount and sets SYSCALL_TRACEPOINT on every task. After a leaked failure, the refcount is stuck at a non-zero value with no consumer, and every task continues paying the syscall trace entry/exit overhead until reboot. Other subsystems providing regfunc()/unregfunc() pairs exhibit similarly scoped persistent state.

Mirror the existing 1 -> 0 cleanup and call ext->unregfunc() in the func_add() error path, gated on the same condition used there so the unwind is symmetric with the registration.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 5787052e5f69beb649f3d6a80a8aa37d9e683e4eaffected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 4f1756d043e56ea2e9a6c858fb290a0cf6fc2251affected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 36ff362235307af95152d510b53c2d9b8773a342affected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 247ed8a969f981bfba3112fd4bb441eaa6cef59caffected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 7bcadb3c2bc1cf60690e931aadd35fb7bd646a49affected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 2c5b8eeea006eb694c81631cd5713d494b80be90affected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < 342829e042ac00f3d68d442ea92873fb6683f494affected
LinuxLinux8cf868affdc459beee1a941df0cfaba1673740e3 < fad217e16fded7f3c09f8637b0f6a224d58b5f2eaffected
LinuxLinux4.10affected
LinuxLinux0 < 4.10unaffected
LinuxLinux5.10.259 <= 5.10.*unaffected
LinuxLinux5.15.210 <= 5.15.*unaffected
LinuxLinux6.1.176 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.88 <= 6.12.*unaffected
LinuxLinux6.18.30 <= 6.18.*unaffected
LinuxLinux7.0.7 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References