CVE-2026-46221

Source
https://cve.org/CVERecord?id=CVE-2026-46221
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46221.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46221
Downstream
Related
Published
2026-05-28T09:40:36.679Z
Modified
2026-07-08T08:13:40.492528079Z
Summary
EDAC/versalnet: Fix device name memory leak
Details

In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device name memory leak

The device name allocated via kzalloc() in initonemc() is assigned to dev->initname but never freed on the normal removal path. deviceregister() copies initname and then sets dev->initname to NULL, so the name pointer becomes unreachable from the device. Thus leaking memory.

Use a stack-local char array instead of using kzalloc() for name.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46221.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5fe2fec6c40dda03df8cc9b4a97de0b7e39f984
Fixed
24d2912962d087ebff7c4984f8ac34a5f23c8dbf
Fixed
b16033c8774f5fb4c0cb9b445a1dfc68f499ae6a
Fixed
8cf5dd235eff6008cb04c3d8064d2acfa90616f1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46221.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.18.0
Fixed
6.18.32
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46221.json"