What is CVE-2026-46042?

CVE-2026-46042 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.16 onward and patched in 6.18.27, 7.0.4 and 7.1-rc1. CVE-2026-46042 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46042?

CVE-2026-46042 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46042?

Yes, CVE-2026-46042 has been patched. Fixed versions include 6.18.27, 7.0.4 and 7.1-rc1. If you are running Linux kernel 6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46042 actively exploited?

CVE-2026-46042 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46042

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weighted_interleave_auto_store() weighted_interleave_auto_store() fetches old_wi_state inside the if (!input) block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is already manual, the function returns early without freeing the freshly allocated new_wi_state. 2. When a user writes "true", old_wi_state stays NULL because the fetch is skipped entirely. The old state is then overwritten by rcu_assign_pointer() but never freed, since the cleanup path is gated on old_wi_state being non-NULL. A user can trigger this repeatedly by writing "1" in a loop. Fix both leaks by moving the old_wi_state fetch before the input check, making it unconditional. This also allows a unified early return for both "true" and "false" when the requested mode matches the current mode. Reviewed by: Donet Tom <[email protected]>

Package Linux Kernel

Published 2026-05-27

Last modified 2026-05-27

Patch available

Yes

Affected versions

Linux kernel versions 6.16 and later are affected. Fixed in 6.18.27, 7.0.4, 7.1-rc1 and their respective stable series.

Affected from

≥ 6.16

Fixed in

✓ 6.18.27 6.18.x ✓ 7.0.4 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46042 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/39caa9ca863f96b3d00447c5aa200cabda489856
Patch
Kernel patch commit
https://git.kernel.org/stable/c/6fae274ce0e3109cbbc4c18b354eaace1f0af7d7
Patch
Kernel patch commit
https://git.kernel.org/stable/c/c42a7efb9060d89b72708ffaf255d0002c2164a7
Patch

Frequently asked questions

What is CVE-2026-46042?

CVE-2026-46042 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.16 onward and has been patched in 6.18.27, 7.0.4 and 7.1-rc1. CVE-2026-46042 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46042?

Yes — CVE-2026-46042 has been patched. Fixed versions include 6.18.27, 7.0.4 and 7.1-rc1. If you are running Linux kernel 6.16 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46042 actively exploited?

No — CVE-2026-46042 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.