CVE-2026-46013

MEDIUM

mm/memfd_luo: fix physical address conversion in put_folios cleanup

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/memfd_luo: fix physical address conversion in put_folios cleanup In memfd_luo_retrieve_folios()'s put_folios cleanup path: 1. kho_restore_folio() expects a phys_addr_t (physical address) but receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address). 2. This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could incorrectly process sparse file holes where pfn=0. Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file. This issue was identified by the AI review. https://sashiko.dev/#/patchset/[email protected]

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (9)
linux/Kernel 6.19.0 - 7.0.4linux
Linux/Linux < 6.19
Linux/Linux 6.19
Linux/Linux 7.0.4 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc1
Linux/Linux b3749f174d686627f702234e64bad976dc432dbc - 3538f90ab89aaf302782b4b073a0aae66904cd67
Linux/Linux b3749f174d686627f702234e64bad976dc432dbc - bd0d6bde286a2b8e3ae7975b0dcc2d43875d5fc9
linux/linux_kernel 6.19 - 7.0.4
Published May 27, 2026
Tracked Since May 27, 2026