CVE-2026-46093

HIGH 7.8

mm/vmalloc: take vmap_purge_lock in shrinker

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan(). However, decay_va_pool_node() is not safe to run concurrently, and the shrinker path currently lacks serialization, leading to races and possible leaks. Protect decay_va_pool_node() by taking vmap_purge_lock in the shrinker path to ensure serialization with purge users.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 27, 2026
Last Updated	May 30, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

7679ba6b36dbb300b757b672d6a32a606499e14b < 687ccdf582169cd680aeaf24cc953807c4cd4345 7679ba6b36dbb300b757b672d6a32a606499e14b < 12f2341b4c235d5593a433abac201c1c6725787f 7679ba6b36dbb300b757b672d6a32a606499e14b < ec05f51f1e65bce95528543eb73fda56fd201d94

Linux / Linux

6.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/687ccdf582169cd680aeaf24cc953807c4cd4345 git.kernel.org: https://git.kernel.org/stable/c/12f2341b4c235d5593a433abac201c1c6725787f git.kernel.org: https://git.kernel.org/stable/c/ec05f51f1e65bce95528543eb73fda56fd201d94