In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: take vmappurgelock in shrinker
decayvapool_node() can be invoked concurrently from two paths: __purgevmaparealazy() when pools are being purged, and the shrinker via vmapnodeshrinkscan().
However, decayvapool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks.
Protect decayvapoolnode() by taking vmappurge_lock in the shrinker path to ensure serialization with purge users.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46093.json"
}