CVE-2026-46017
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability in the Linux kernel related to race conditions in the split queue during migration has been fixed. The issue involved improper management of the queue state, which could lead to incorrect marking of memory as partially mapped.
Risk Assessment
Organizations may face memory integrity issues, potentially leading to system crashes or unexpected application behavior. In particular, improper memory management could impact the stability and security of systems based on the Linux kernel.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper memory management during migration.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migrate_folio_move() records the deferred split queue state from src and replays it on dst. Replaying it after remove_migration_ptes(src, dst, 0) makes dst visible before it is requeued, so a concurrent rmap-removal path can mark dst partially mapped and trip the WARN in deferred_split_folio(). Move the requeue before remove_migration_ptes() so dst is back on the deferred split queue before it becomes visible again. Because migration still holds dst locked at that point, teach deferred_split_scan() to requeue a folio when folio_trylock() fails. Otherwise a fully mapped underused folio can be dequeued by the shrinker and silently lost from split_queue. [[email protected]: move the comment]

