Bug 2482575 (CVE-2026-46221)

Summary: CVE-2026-46221 kernel: EDAC/versalnet: Fix device name memory leak
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's EDAC/versalnet component. A memory leak occurs because the device name, allocated during initialization, is not properly freed. Over time, this unreleased memory could lead to resource exhaustion, potentially impacting system stability and availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-28 11:04:01 UTC 
In the Linux kernel, the following vulnerability has been resolved:

EDAC/versalnet: Fix device name memory leak

The device name allocated via kzalloc() in init_one_mc() is assigned to
dev->init_name but never freed on the normal removal path.  device_register()
copies init_name and then sets dev->init_name to NULL, so the name pointer
becomes unreachable from the device. Thus leaking memory.

Use a stack-local char array instead of using kzalloc() for name.
Comment 1 Keith Grant 2026-05-28 12:46:47 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026052837-CVE-2026-46221-f13a@gregkh/T