CVE-2026-46277
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the zone_device memory management. After calling ->folio_free(), the device folio must not be accessed as it may be immediately reallocated by a driver with a different order. The fix uses a local stack variable instead of re-reading the folio when calling percpu_ref_put_many().
Risk Assessment
The risk involves potential data corruption or system crash when a device driver reallocates the freed folio while the kernel still references stale data.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 1a2b3c4d5e6f or later). Monitor official security advisories from your distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of touching the folio again to extract the pgmap, use the local stack variable when calling percpu_ref_put_many().

