In the Linux kernel, the following vulnerability has been resolved:
mm/memfdluo: fix physical address conversion in putfolios cleanup
In memfdluoretrievefolios()'s putfolios cleanup path:
khorestorefolio() expects a physaddrt (physical address) but receives a raw PFN (pfolio->pfn). This causes khorestorepage() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address).
This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfdluodiscard_folios(), which could incorrectly process sparse file holes where pfn=0.
Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file.
This issue was identified by the AI review. https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46013.json"
}