CVE-2026-46281
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A buffer overflow vulnerability was found in the Linux kernel's vrealloc_node_align() function. It occurs when shrinking an allocation, as the code copies old_size bytes into a smaller new buffer, causing an out-of-bounds write.
Risk Assessment
An attacker could exploit this vulnerability to write beyond the buffer bounds, potentially leading to memory corruption, system crash, or privilege escalation.
Recommendation
Immediately update the Linux kernel to a version that includes the fix limiting the copy length to the new allocation size.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc") added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an alignment constraint is not met, even if the user is shrinking the allocation. On this path (need_realloc), the code allocates a new object of 'size' bytes and then memcpy()s 'old_size' bytes into it. If the request is to shrink the object (size < old_size), this results in an out-of-bounds write on the new buffer. Fix this by bounding the copy length by the new allocation size.

