CVE-2026-46035

MEDIUM EPSS 2.2%
Published May 27, 20261mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is already held. As a result, alloc_frozen_pages_nolock() called from NMI context can re-enter rmqueue() and acquire the zone lock that the interrupted context is already holding, corrupting the freelists. With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with the slub_kunit test module: BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243 [...] Call Trace: <NMI> dump_stack_lvl+0x3f/0x60 do_raw_spin_trylock+0x41/0x50 _raw_spin_trylock+0x24/0x50 rmqueue.isra.0+0x2a9/0xa70 get_page_from_freelist+0xeb/0x450 alloc_frozen_pages_nolock_noprof+0x111/0x1e0 allocate_slab+0x42a/0x500 ___slab_alloc+0xa7/0x4c0 kmalloc_nolock_noprof+0x164/0x310 [...] </NMI> Fix this by returning NULL early when invoked from NMI on a UP kernel.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel*≥6.18  –  <6.18.27
linuxlinux_kernel*≥6.19  –  <7.0.4
linuxlinux_kernel7.1any

References 3

  • git.kernel.org https://git.kernel.org/stable/c/05b4ed8bef30bba4f559c8d835e2dd20c48cf8a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/620b46ed6ae17c8438d889c8c0cfddab36a1476c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6d57efeaae3f3b3656514f600eac96be713d90e
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05b4ed8bef30bba4f559c8d835e2dd20c48cf8a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/620b46ed6ae17c8438d889c8c0cfddab36a1476c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a6d57efeaae3f3b3656514f600eac96be713d90e
    Patch