{"id":"CVE-2026-46042","summary":"mm/mempolicy: fix memory leaks in weighted_interleave_auto_store()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/mempolicy: fix memory leaks in weighted_interleave_auto_store()\n\nweighted_interleave_auto_store() fetches old_wi_state inside the if\n(!input) block only.  This causes two memory leaks:\n\n1. When a user writes \"false\" and the current mode is already manual,\n   the function returns early without freeing the freshly allocated\n   new_wi_state.\n\n2. When a user writes \"true\", old_wi_state stays NULL because the\n   fetch is skipped entirely. The old state is then overwritten by\n   rcu_assign_pointer() but never freed, since the cleanup path is\n   gated on old_wi_state being non-NULL. A user can trigger this\n   repeatedly by writing \"1\" in a loop.\n\nFix both leaks by moving the old_wi_state fetch before the input check,\nmaking it unconditional.  This also allows a unified early return for both\n\"true\" and \"false\" when the requested mode matches the current mode.\n\nReviewed by: Donet Tom \u003cdonettom@linux.ibm.com\u003e","modified":"2026-06-18T03:55:01.301858858Z","published":"2026-05-27T12:56:56.830Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46042.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/39caa9ca863f96b3d00447c5aa200cabda489856"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6fae274ce0e3109cbbc4c18b354eaace1f0af7d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c42a7efb9060d89b72708ffaf255d0002c2164a7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46042.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46042"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e341f9c3c8412e57fe0042a33a2640245ecdf619"},{"fixed":"c42a7efb9060d89b72708ffaf255d0002c2164a7"},{"fixed":"39caa9ca863f96b3d00447c5aa200cabda489856"},{"fixed":"6fae274ce0e3109cbbc4c18b354eaace1f0af7d7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46042.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46042.json"}}],"schema_version":"1.7.5"}