CVE-2026-46060
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
crypto: qat - fix IRQ cleanup on 6xxx probe failure<br />
<br />
When adf_dev_up() partially completes and then fails, the IRQ<br />
handlers registered during adf_isr_resource_alloc() are not detached<br />
before the MSI-X vectors are released.<br />
<br />
Since the device is enabled with pcim_enable_device(), calling<br />
pci_alloc_irq_vectors() internally registers pcim_msi_release() as a<br />
devres action. On probe failure, devres runs pcim_msi_release() which<br />
calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ<br />
handlers (for example &#39;qat0-bundle0&#39;) are still attached. This causes<br />
remove_proc_entry() warnings:<br />
<br />
[ 22.163964] remove_proc_entry: removing non-empty directory &#39;irq/143&#39;, leaking at least &#39;qat0-bundle0&#39;<br />
<br />
Moving the devm_add_action_or_reset() before adf_dev_up() does not solve<br />
the problem since devres runs in LIFO order and pcim_msi_release(),<br />
registered later inside adf_dev_up(), would still fire before<br />
adf_device_down().<br />
<br />
Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to<br />
properly free IRQ handlers before devres releases the MSI-X vectors.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.16 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



