CVE-2026-46093

Published: May 27, 2026

Modified: May 30, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.

Vendor	Product	Versions
Linux	Linux	affected `7679ba6b36dbb300b757b672d6a32a606499e14b - < 687ccdf582169cd680aeaf24cc953807c4cd4345` affected `7679ba6b36dbb300b757b672d6a32a606499e14b - < 12f2341b4c235d5593a433abac201c1c6725787f` affected `7679ba6b36dbb300b757b672d6a32a606499e14b - < ec05f51f1e65bce95528543eb73fda56fd201d94`
Linux	Linux	affected `6.9` unaffected `0 - < 6.9` unaffected `6.18.27 - <= 6.18.` unaffected `7.0.4 - <= 7.0.` unaffected `7.1-rc1 - <= *`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://git.kernel.org/stable/c/687ccdf582169cd680aeaf24cc953807c4cd4345

https://git.kernel.org/stable/c/12f2341b4c235d5593a433abac201c1c6725787f

https://git.kernel.org/stable/c/ec05f51f1e65bce95528543eb73fda56fd201d94

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-46093

Description

Affected Products

CVSS v3.1 Details

References