In the Linux kernel, the following vulnerability has been resolved:
mm/slab: return NULL early from kmalloc_nolock() in NMI on UP
On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is already held. As a result, kmalloc_nolock() called from NMI context can re-enter the slab allocator and acquire n->list_lock that the interrupted context is already holding, corrupting slab state.
With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with the slub_kunit test module:
BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
[...]
Call Trace:
 <NMI>
 dump_stack_lvl+0x3f/0x60
 do_raw_spin_trylock+0x41/0x50
 _raw_spin_trylock+0x24/0x50
 get_from_partial_node+0x120/0x4d0
 ___slab_alloc+0x8a/0x4c0
 kmalloc_nolock_noprof+0x164/0x310
 [...]
 </NMI>
Fix this by returning NULL early when invoked from NMI on a UP kernel.
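A userspace C model of the re-entrancy described above, added here as an illustration and not taken from the kernel source or the fix commit. The types and functions (struct node, trylock_up, alloc_nolock, nmi_guard, nmi_double_alloc) are assumptions made for the model; trylock_up encodes only the UP behaviour the description states.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model; all names here are illustrative, not kernel code. */
struct obj  { struct obj *next; };
struct node { bool list_lock; struct obj *partial; };

/* SMP-style trylock: fails when the lock word shows it is already held. */
static bool trylock_smp(struct node *n)
{
    if (n->list_lock)
        return false;
    n->list_lock = true;
    return true;
}

/* UP-style trylock as the description states it: nothing is checked. */
static bool trylock_up(struct node *n) { (void)n; return true; }

/* Model of the no-lock allocation path; nmi_guard models the early NULL return. */
static struct obj *alloc_nolock(struct node *n, bool up, bool in_nmi, bool nmi_guard)
{
    if (nmi_guard && up && in_nmi)
        return NULL;
    if (!(up ? trylock_up(n) : trylock_smp(n)))
        return NULL;
    struct obj *o = n->partial;          /* pop the head of the partial list */
    if (o)
        n->partial = o->next;
    if (!up)
        n->list_lock = false;            /* only the SMP model owns a lock word */
    return o;
}

/* Task context holds list_lock and has read the list head when the NMI
 * allocates. Returns true if both contexts were handed the same object. */
static bool nmi_double_alloc(bool up, bool nmi_guard)
{
    struct obj b = { NULL }, a = { &b };
    struct node n = { false, &a };
    n.list_lock = true;                  /* task: lock taken */
    struct obj *task_obj = n.partial;    /* task: head read, not yet unlinked */
    struct obj *nmi_obj = alloc_nolock(&n, up, true, nmi_guard); /* NMI here */
    n.partial = task_obj->next;          /* task resumes and unlinks its head */
    n.list_lock = false;
    return nmi_obj == task_obj;
}

int main(void) { return nmi_double_alloc(true, true) ? 1 : 0; } /* 0: guard held */
```

In the model, the unguarded UP case hands the same object to both contexts, while the SMP trylock and the guarded UP path both make the NMI allocation return NULL.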
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46029.json"
}