CVE-2026-46290

Source
https://cve.org/CVERecord?id=CVE-2026-46290
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46290.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46290
Downstream
Related
Published
2026-06-08T15:46:17.224Z
Modified
2026-06-18T03:56:26.009232055Z
Summary
x86/efi: Fix graceful fault handling after FPU softirq changes
Details

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: Fix graceful fault handling after FPU softirq changes

Since commit d02198550423 ("x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs"), kernelfpubegin() calls fpregslock() which uses localbhdisable() instead of the previous preemptdisable(). This sets SOFTIRQOFFSET in preemptcount during the entire EFI runtime service call, causing in_interrupt() to return true in normal task context.

The graceful page fault handler eficrashgracefullyonpagefault() uses ininterrupt() to bail out for faults in real interrupt context. With SOFTIRQOFFSET now set, the handler always bails out, leaving EFI firmware page faults unhandled. This escalates to die() which also sees ininterrupt() as true and calls panic("Fatal exception in interrupt"), resulting in a hard system freeze. On systems with buggy firmware that triggers page faults during EFI runtime calls (e.g., accessing unmapped memory in GetTime()), this causes an unrecoverable hang instead of the expected graceful EFI_ABORTED recovery.

Fix by replacing ininterrupt() with !intask(). This preserves the original intent of bailing for interrupts or NMI faults, while no longer falsely triggering from the FPU code path's localbhdisable().

[ardb: Sashiko spotted that using 'inhardirq() || innmi()' leaves a window where a softirq may be taken before fpregslock() is called, but after efirtswork.efirtsid has been assigned, and any page faults occurring in that window will then be misidentified as having been caused by the firmware. Instead, use !intask(), which incorporates inservingsoftirq(). ]

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46290.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d02198550423a0b695e7a24ec77153209ad45b09
Fixed
22b365ba1af3d8c6036b8e5112fffe80998b85a0
Fixed
db155b86d1523e85941f61efd7d7ffb594cc9a29
Fixed
088f65e206087bf903743bd18417261d7a4c9644

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46290.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46290.json"