CVE-2026-46093

HIGH

mm/vmalloc: take vmap_purge_lock in shrinker

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 2.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (12)
linux/Kernel 6.19.0 - 7.0.4linux
linux/Kernel 6.9.0 - 6.18.27linux
Linux/Linux < 6.9
Linux/Linux 6.18.27 - 6.18.*
Linux/Linux 6.9
Linux/Linux 7.0.4 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc1
Linux/Linux 7679ba6b36dbb300b757b672d6a32a606499e14b - 12f2341b4c235d5593a433abac201c1c6725787f
Linux/Linux 7679ba6b36dbb300b757b672d6a32a606499e14b - 687ccdf582169cd680aeaf24cc953807c4cd4345
... and 2 more
Published May 27, 2026
Tracked Since May 27, 2026