Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-46060

Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
27/05/2026
Última modificación:
16/06/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: qat - fix IRQ cleanup on 6xxx probe failure<br /> <br /> When adf_dev_up() partially completes and then fails, the IRQ<br /> handlers registered during adf_isr_resource_alloc() are not detached<br /> before the MSI-X vectors are released.<br /> <br /> Since the device is enabled with pcim_enable_device(), calling<br /> pci_alloc_irq_vectors() internally registers pcim_msi_release() as a<br /> devres action. On probe failure, devres runs pcim_msi_release() which<br /> calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ<br /> handlers (for example &amp;#39;qat0-bundle0&amp;#39;) are still attached. This causes<br /> remove_proc_entry() warnings:<br /> <br /> [ 22.163964] remove_proc_entry: removing non-empty directory &amp;#39;irq/143&amp;#39;, leaking at least &amp;#39;qat0-bundle0&amp;#39;<br /> <br /> Moving the devm_add_action_or_reset() before adf_dev_up() does not solve<br /> the problem since devres runs in LIFO order and pcim_msi_release(),<br /> registered later inside adf_dev_up(), would still fire before<br /> adf_device_down().<br /> <br /> Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to<br /> properly free IRQ handlers before devres releases the MSI-X vectors.

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.16 (incluyendo) 6.18.27 (excluyendo)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (incluyendo) 7.0.4 (excluyendo)