In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - fix IRQ cleanup on 6xxx probe failure
When adf_dev_up() partially completes and then fails, the IRQ handlers registered during adf_isr_resource_alloc() are not detached before the MSI-X vectors are released.
Since the device is enabled with pcim_enable_device(), calling pci_alloc_irq_vectors() internally registers pcim_msi_release() as a devres action. On probe failure, devres runs pcim_msi_release() which calls pci_free_irq_vectors(), tearing down the MSI-X vectors while IRQ handlers (for example 'qat0-bundle0') are still attached. This causes remove_proc_entry() warnings:
[ 22.163964] remove_proc_entry: removing non-empty directory 'irq/143', leaking at least 'qat0-bundle0'
Moving the devm_add_action_or_reset() before adf_dev_up() does not solve the problem since devres runs in LIFO order and pcim_msi_release(), registered later inside adf_dev_up(), would still fire before adf_device_down().
Fix by calling adf_dev_down() explicitly when adf_dev_up() fails, to properly free IRQ handlers before devres releases the MSI-X vectors.
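The teardown ordering described above can be reproduced in a small userspace model. This is an added example, not code from the kernel patch or the QAT driver: every `model_*` name is hypothetical, and the functions only stand in for the kernel routines named in their comments.

```c
/* Userspace model of devres LIFO teardown on probe failure; not kernel code. */
#include <stdbool.h>
#include <stddef.h>

struct model_dev {
	void (*actions[4])(struct model_dev *);	/* devres action stack */
	size_t nr_actions;
	bool handler_attached;	/* an IRQ handler such as 'qat0-bundle0' */
	bool leaked_handler;	/* vectors were freed under a live handler */
};

/* Stand-in for pcim_msi_release(): frees the MSI-X vectors. */
static void model_msi_release(struct model_dev *d)
{
	if (d->handler_attached)
		d->leaked_handler = true;
}

/* Stand-in for adf_dev_down(): detaches the IRQ handlers. */
static void model_dev_down(struct model_dev *d)
{
	d->handler_attached = false;
}

/* Stand-in for adf_dev_up() failing after the IRQ setup has completed. */
static int model_dev_up(struct model_dev *d)
{
	d->actions[d->nr_actions++] = model_msi_release; /* added by vector alloc */
	d->handler_attached = true;
	return -1;
}

/* Runs a failing probe and reports whether a handler outlived its vector. */
static bool model_probe_leaks(bool early_action, bool explicit_down)
{
	struct model_dev d = { 0 };
	if (early_action)	/* devres action registered before bring-up */
		d.actions[d.nr_actions++] = model_dev_down;
	if (model_dev_up(&d) && explicit_down)	/* the fix: explicit down */
		model_dev_down(&d);
	while (d.nr_actions)	/* devres unwinds in LIFO order */
		d.actions[--d.nr_actions](&d);
	return d.leaked_handler;
}

int main(void)
{
	return !(model_probe_leaks(false, false) && model_probe_leaks(true, false) &&
		 !model_probe_leaks(false, true));
}
```

The three calls in `main()` correspond to the original failure path, the reordered devres action that still leaks, and the explicit down call that does not.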
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46060.json"
}