Description
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.
Scores
CVSS v3
7.8
EPSS
0.0013
EPSS Percentile
2.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (12)
linux/Kernel
6.19.0 - 7.0.4linux
linux/Kernel
6.9.0 - 6.18.27linux
Linux/Linux
< 6.9
Linux/Linux
6.18.27 - 6.18.*
Linux/Linux
6.9
Linux/Linux
7.0.4 - 7.0.*
Linux/Linux
7.1
Linux/Linux
7.1-rc1
Linux/Linux
7679ba6b36dbb300b757b672d6a32a606499e14b - 12f2341b4c235d5593a433abac201c1c6725787f
Linux/Linux
7679ba6b36dbb300b757b672d6a32a606499e14b - 687ccdf582169cd680aeaf24cc953807c4cd4345
... and 2 more
Published
May 27, 2026
Tracked Since
May 27, 2026