Improper resource shutdown or release in Linux kernel - CVE-2026-46196
Published: May 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource shutdown or release in tracepoint_add_func() when handling tracepoint registration failures after invoking ext->regfunc(). A local user can trigger a func_add() failure during probe installation to cause a denial of service.
For syscall tracepoints, the issue can leave syscall tracing state enabled and impose persistent syscall entry and exit overhead until reboot.
How to mitigate CVE-2026-46196
Sources
- https://git.kernel.org/stable/c/247ed8a969f981bfba3112fd4bb441eaa6cef59c
- https://git.kernel.org/stable/c/2c5b8eeea006eb694c81631cd5713d494b80be90
- https://git.kernel.org/stable/c/342829e042ac00f3d68d442ea92873fb6683f494
- https://git.kernel.org/stable/c/7bcadb3c2bc1cf60690e931aadd35fb7bd646a49
- https://git.kernel.org/stable/c/fad217e16fded7f3c09f8637b0f6a224d58b5f2e