CVE-2026-45880
Analyzed Analyzed - Analysis Complete

PCI/P2PDMA Memory Leak in Linux Kernel

Vulnerability report for CVE-2026-45880, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-25

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails When vm_insert_page() fails in p2pmem_alloc_mmap(), p2pmem_alloc_mmap() doesn't invoke percpu_ref_put() to free the per-CPU ref of pgmap acquired after gen_pool_alloc_owner(), and memunmap_pages() will hang forever when trying to remove the PCI device. Fix it by adding the missed percpu_ref_put().

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-25
Generated
2026-07-06
AI Q&A
2026-05-28
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

The vulnerability has been resolved by adding the missed percpu_ref_put() call in the Linux kernel code to properly release per-CPU references when vm_insert_page() fails.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Executive Summary

This vulnerability exists in the Linux kernel's PCI/P2PDMA subsystem. Specifically, when the function vm_insert_page() fails inside p2pmem_alloc_mmap(), the code does not call percpu_ref_put() to release a per-CPU reference of pgmap that was previously acquired. As a result, when memunmap_pages() tries to remove the PCI device, it hangs indefinitely because the reference was never freed.

The issue is fixed by adding the missing percpu_ref_put() call to properly release the reference.

Impact Analysis

This vulnerability can cause the system to hang indefinitely when attempting to remove a PCI device because the reference count on a per-CPU resource is never released. This can lead to resource leaks and system instability, potentially requiring a reboot or manual intervention to recover.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45880. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart