CVE-2026-46029
Analyzed - Analysis Complete
Memory Corruption in Linux Kernel via NMI on UP

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/slab: return NULL early from kmalloc_nolock() in NMI on UP

On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is already held. As a result, kmalloc_nolock() called from NMI context can re-enter the slab allocator and acquire n->list_lock that the interrupted context is already holding, corrupting slab state.

With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with the slub_kunit test module:

  BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
  [...]
  Call Trace:
   <NMI>
   dump_stack_lvl+0x3f/0x60
   do_raw_spin_trylock+0x41/0x50
   _raw_spin_trylock+0x24/0x50
   get_from_partial_node+0x120/0x4d0
   ___slab_alloc+0x8a/0x4c0
   kmalloc_nolock_noprof+0x164/0x310
   [...]
   </NMI>

Fix this by returning NULL early when invoked from NMI on a UP kernel.

Meta Information

  • Published: 2026-05-27
  • Last Modified: 2026-06-16
  • Generated: 2026-06-16
  • AI Q&A: 2026-05-27
  • EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 3 associated CPEs

  Vendor   Product        Version / Range
  linux    linux_kernel   7.1
  linux    linux_kernel   From 6.19 (inc) to 7.0.4 (exc)
  linux    linux_kernel   From 6.18 (inc) to 6.18.27 (exc)

CWE ID Description
CWE-UNKNOWN
Impact Analysis

This vulnerability can cause corruption of the slab allocator's internal state in the Linux kernel on uniprocessor systems. Such corruption may lead to system instability, crashes, or unpredictable behavior due to memory allocation errors.

Additionally, with debugging enabled (CONFIG_DEBUG_SPINLOCK), the kernel may trigger a BUG and crash when this condition occurs, which can cause denial of service.

Detection Guidance

This vulnerability can be detected by observing kernel BUG messages related to spinlock trylock failures on UP (uniprocessor) kernels, especially when CONFIG_DEBUG_SPINLOCK is enabled.

Specifically, look for logs containing messages like: "BUG: spinlock trylock failure on UP on CPU#0" along with a call trace involving kmalloc_nolock and slab allocator functions.

To check for such messages, you can use the following command to search the kernel log:

  • dmesg | grep -i 'spinlock trylock failure'

Additionally, monitoring kernel logs for BUG messages or crashes related to slab allocator or kmalloc_nolock in NMI context can help detect this issue.
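
The grep above matches any UP trylock BUG. The following added example (not code from kernel.org or from this page's source) narrows the match to the signature described here: the BUG line followed by an <NMI> call trace that passes through kmalloc_nolock. The function names, the 60-line window, the sample logs and the "SMP in uname -v" heuristic are assumptions of the example.

```shell
#!/bin/sh
# Added example, not kernel.org code. Sample logs below are constructed.

# Exit 0 when stdin holds the UP trylock BUG followed (within 60 lines) by an
# <NMI> call trace that passes through kmalloc_nolock; exit 1 otherwise.
scan_klog() {
    awk '
        /BUG: spinlock trylock failure on UP/ { bug = 1; nmi = 0; n = 0 }
        bug && ++n > 60                       { bug = 0; nmi = 0 }
        bug && /<NMI>/                        { nmi = 1 }
        bug && nmi && /kmalloc_nolock/        { hit = 1 }
        bug && /<\/NMI>/                      { bug = 0; nmi = 0 }
        END { exit (hit ? 0 : 1) }
    '
}

# Heuristic (assumption): SMP builds carry "SMP" in `uname -v`; UP builds do not.
is_up_build() {
    case "$1" in
        *SMP*) return 1 ;;
        *)     return 0 ;;
    esac
}

# Constructed log: trace shaped like the one in the description (timestamps invented).
sample_hit() {
    cat <<'EOF'
[   12.345678] BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
[   12.345700] Call Trace:
[   12.345701]  <NMI>
[   12.345702]  do_raw_spin_trylock+0x41/0x50
[   12.345703]  get_from_partial_node+0x120/0x4d0
[   12.345704]  kmalloc_nolock_noprof+0x164/0x310
[   12.345705]  </NMI>
EOF
}

# Constructed log: same BUG text, but a task-context trace with hypothetical symbols.
sample_miss() {
    cat <<'EOF'
[   99.000001] BUG: spinlock trylock failure on UP on CPU#0, example_task/77
[   99.000002] Call Trace:
[   99.000003]  <TASK>
[   99.000004]  example_driver_poll+0x10/0x40
[   99.000005]  </TASK>
EOF
}

# Live use: is_up_build "$(uname -v)" && dmesg | scan_klog && echo "signature present"
sample_hit | scan_klog && echo "sample_hit: signature present"
```

The BUG line only appears on kernels built with CONFIG_DEBUG_SPINLOCK, so a clean result on a kernel without that option says nothing about whether slab state was corrupted.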

Mitigation Strategies

The vulnerability is fixed by returning NULL early from kmalloc_nolock() when invoked from NMI context on uniprocessor (UP) kernels.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Enable CONFIG_DEBUG_SPINLOCK to help detect spinlock issues during development or testing.
  • Where possible, run an SMP (Symmetric Multi-Processing) kernel instead of a uniprocessor kernel; this issue does not occur on SMP kernels.

Executive Summary

This vulnerability exists in the Linux kernel's slab memory allocator on uniprocessor (UP) kernels, that is, kernels built without the CONFIG_SMP option. On such kernels spin_trylock() is a no-op that always succeeds, even if the lock is already held. As a result, when kmalloc_nolock() is called from non-maskable interrupt (NMI) context, it can re-enter the slab allocator and acquire a lock (n->list_lock) that the interrupted context already holds. This leads to corruption of the slab allocator's internal state.

The issue is fixed by modifying kmalloc_nolock() to return NULL early when called from NMI context on UP kernels, preventing the re-entrant lock acquisition and subsequent corruption.
