{"id":"CVE-2026-46060","summary":"crypto: qat - fix IRQ cleanup on 6xxx probe failure","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - fix IRQ cleanup on 6xxx probe failure\n\nWhen adf_dev_up() partially completes and then fails, the IRQ\nhandlers registered during adf_isr_resource_alloc() are not detached\nbefore the MSI-X vectors are released.\n\nSince the device is enabled with pcim_enable_device(), calling\npci_alloc_irq_vectors() internally registers pcim_msi_release() as a\ndevres action. On probe failure, devres runs pcim_msi_release() which\ncalls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ\nhandlers (for example 'qat0-bundle0') are still attached. This causes\nremove_proc_entry() warnings:\n\n    [   22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0'\n\nMoving the devm_add_action_or_reset() before adf_dev_up() does not solve\nthe problem since devres runs in LIFO order and pcim_msi_release(),\nregistered later inside adf_dev_up(), would still fire before\nadf_device_down().\n\nFix by calling adf_dev_down() explicitly when adf_dev_up() fails, to\nproperly free IRQ handlers before devres releases the MSI-X vectors.","modified":"2026-06-18T03:57:09.635448216Z","published":"2026-05-27T12:57:20.991Z","related":["openSUSE-SU-2026:10954-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46060.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/27f561bf894e46bdc2d6209c50884adad79d8277"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7cd651f1357dcc477e6483c3a4706836b46bdc92"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95aed2af87ec43fa7624cc81dd13d37824ad4972"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46060.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46060"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"17fd7514ae68c541bf952876ce2005cb4a53f283"},{"fixed":"27f561bf894e46bdc2d6209c50884adad79d8277"},{"fixed":"7cd651f1357dcc477e6483c3a4706836b46bdc92"},{"fixed":"95aed2af87ec43fa7624cc81dd13d37824ad4972"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46060.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.16.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46060.json"}}],"schema_version":"1.7.5"}