CVE Catalog

CVE-2026-46093

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the mm/vmalloc module where the decay_va_pool_node() function could be invoked concurrently from two paths: during pool purging and via the shrinker mechanism. The lack of serialization in the shrinker path leads to races and potential memory leaks. The fix introduces the vmap_purge_lock in the shrinker path to ensure proper serialization.

Risk Assessment

Concurrent execution of the function without synchronization can lead to kernel data structure corruption and memory leaks, potentially causing system performance degradation or instability over time.

Recommendation

Apply the latest Linux kernel patch that includes the fix for the mm/vmalloc module. The update eliminates the race condition by adding the appropriate lock in the shrinker path.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS