CVE-2026-45880
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the PCI/P2PDMA mechanism. When vm_insert_page() fails in p2pmem_alloc_mmap(), the per-CPU pgmap reference is not released, causing memunmap_pages() to hang forever when trying to remove the PCI device.
Risk Assessment
The risk involves potential system hang or blocking of PCI device removal operations, which may lead to service unavailability or require a machine reboot.
Recommendation
Apply a Linux kernel patch that adds the missing percpu_ref_put() call when vm_insert_page() fails in p2pmem_alloc_mmap().
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails When vm_insert_page() fails in p2pmem_alloc_mmap(), p2pmem_alloc_mmap() doesn't invoke percpu_ref_put() to free the per-CPU ref of pgmap acquired after gen_pool_alloc_owner(), and memunmap_pages() will hang forever when trying to remove the PCI device. Fix it by adding the missed percpu_ref_put().

