CVE-2026-46093

Source
https://cve.org/CVERecord?id=CVE-2026-46093
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46093.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46093
Downstream
Related
Published
2026-05-27T12:58:43.458Z
Modified
2026-06-27T11:55:19.141471225Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
mm/vmalloc: take vmap_purge_lock in shrinker
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/vmalloc: take vmappurgelock in shrinker

decayvapool_node() can be invoked concurrently from two paths: __purgevmaparealazy() when pools are being purged, and the shrinker via vmapnodeshrinkscan().

However, decayvapool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks.

Protect decayvapoolnode() by taking vmappurge_lock in the shrinker path to ensure serialization with purge users.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46093.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7679ba6b36dbb300b757b672d6a32a606499e14b
Fixed
687ccdf582169cd680aeaf24cc953807c4cd4345
Fixed
12f2341b4c235d5593a433abac201c1c6725787f
Fixed
ec05f51f1e65bce95528543eb73fda56fd201d94

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46093.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46093.json"