CVE-2026-43389
Received Received - Intake
Memory Corruption in Linux Kernel memfd_luo

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a clean folio has no user data, it can be freed under memory pressure. memfd preservation with LUO saves the flag at preserve(). This is problematic. The folio might get dirtied later. Saving it at freeze() also doesn't work, since the dirty bit from PTE is normally synced at unmap and there might still be mappings of the file at freeze(). To see why this is a problem, say a folio is clean at preserve, but gets dirtied later. The serialized state of the folio will mark it as clean. After retrieve, the next kernel will see the folio as clean and might try to reclaim it under memory pressure. This will result in losing user data. Mark all folios of the file as dirty, and always set the MEMFD_LUO_FOLIO_DIRTY flag. This comes with the side effect of making all clean folios un-reclaimable. This is a cost that has to be paid for participants of live update. It is not expected to be a common use case to preserve a lot of clean folios anyway. Since the value of pfolio->flags is a constant now, drop the flags variable and set it directly.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43389
EUVD
EUVD-2026-28695
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's memory management related to memfd_luo (live update operations). It involves the handling of 'folios', which are memory pages that can be either 'dirty' (written to) or 'clean' (not containing user data). The issue arises because the system saves the dirty state of folios at a certain point (preserve()), but folios can become dirty later. When the folio's state is serialized, it might incorrectly be marked as clean even though it has been dirtied afterward.

As a result, the kernel might treat these folios as clean and reclaim them under memory pressure, leading to loss of user data. The fix is to mark all folios as dirty and always set the MEMFD_LUO_FOLIO_DIRTY flag, preventing clean folios from being reclaimed during live updates.


How can this vulnerability impact me? :

This vulnerability can lead to loss of user data because the kernel might incorrectly reclaim memory pages (folios) that have been written to but are marked as clean. Under memory pressure, these folios could be freed, causing the data they contain to be lost.

For systems using live update features with memfd_luo, this means that important data could be unexpectedly discarded, potentially causing application errors, data corruption, or system instability.


What immediate steps should I take to mitigate this vulnerability?

This vulnerability has been resolved in the Linux kernel by marking all folios of the file as dirty and always setting the MEMFD_LUO_FOLIO_DIRTY flag to prevent clean folios from being reclaimed and losing user data.

To mitigate this vulnerability, you should update your Linux kernel to the version that includes this fix released on or after 2026-05-08.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart