CVE-2026-46292 is a Linux kernel vulnerability affecting the power management domain (pmdomain) subsystem, specifically a flaw in the detach procedure for virtual devices within the Generic Power Domain (genpd) framework. While published via Microsoft’s Security Response Centre in the context of Azure, this is a kernel-level issue that could affect Linux-based virtual machines and container hosts. Improper handling of virtual device detachment may lead to memory corruption or instability, with potential security implications depending on exploitability.

Security Architect’s Take: Review whether your Azure Linux VM or AKS node pool images are running kernel versions affected by this flaw, and prioritise patching through your standard OS update pipeline or by adopting Microsoft’s latest endorsed Linux images. If you operate workloads with elevated kernel exposure — such as nested virtualisation or custom kernel modules — treat this with heightened urgency.

Original advisory: CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd