CVE-2026-46035
Awaiting Analysis
Memory Corruption in Linux Kernel NMI Context

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

mm/page_alloc: return NULL early from alloc_frozen_pages_nolock() in NMI on UP

On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is already held. As a result, alloc_frozen_pages_nolock() called from NMI context can re-enter rmqueue() and acquire the zone lock that the interrupted context is already holding, corrupting the freelists.

With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with the slub_kunit test module:

    BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
    [...]
    Call Trace:
     <NMI>
     dump_stack_lvl+0x3f/0x60
     do_raw_spin_trylock+0x41/0x50
     _raw_spin_trylock+0x24/0x50
     rmqueue.isra.0+0x2a9/0xa70
     get_page_from_freelist+0xeb/0x450
     alloc_frozen_pages_nolock_noprof+0x111/0x1e0
     allocate_slab+0x42a/0x500
     ___slab_alloc+0xa7/0x4c0
     kmalloc_nolock_noprof+0x164/0x310
     [...]
     </NMI>

Fix this by returning NULL early when invoked from NMI on a UP kernel.

Meta Information
Published: 2026-05-27
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Showing 3 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | 7.1
linux | linux_kernel | From 6.19 (inc) to 7.0.4 (exc)
linux | linux_kernel | From 6.18 (inc) to 6.18.27 (exc)

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel on uniprocessor (UP) systems where the spin_trylock() function is a no-op that always succeeds, even if the lock is already held. Specifically, when the function alloc_frozen_pages_nolock() is called from a non-maskable interrupt (NMI) context, it can re-enter the rmqueue() function and acquire a zone lock that the interrupted context already holds. This causes corruption of the freelists, which manage free memory pages.

The issue triggers a BUG when CONFIG_DEBUG_SPINLOCK is enabled on UP kernels, as demonstrated by the slub_kunit test module. The fix returns NULL early from alloc_frozen_pages_nolock() when it is invoked from NMI context on UP kernels, which prevents the re-entry into rmqueue() and the resulting freelist corruption.
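
The re-entry described above and the effect of the early return, as a userspace C model added here for illustration; it is not kernel code or the upstream patch. The struct, the function names and the in_nmi_model flag are assumptions standing in for the zone, alloc_frozen_pages_nolock() and in_nmi().

```c
#include <stdbool.h>
#include <stdio.h>

#define NO_PAGE (-1)

/* Hypothetical stand-in for a zone: a lock flag plus a tiny freelist stack. */
struct zone { bool lock_held; int nr_free; int free_pages[4]; };

static bool in_nmi_model;  /* assumption: stands in for in_nmi() */

/* UP behaviour from the description: trylock never looks at the lock. */
static bool up_spin_trylock(struct zone *z) { (void)z; return true; }

/* Models alloc_frozen_pages_nolock() on a UP kernel. */
static int alloc_nolock(struct zone *z, bool with_fix)
{
    if (with_fix && in_nmi_model)
        return NO_PAGE;                  /* the early "return NULL" */
    if (!up_spin_trylock(z) || z->nr_free == 0)
        return NO_PAGE;
    return z->free_pages[--z->nr_free];  /* freelist update, re-entered */
}

/* Interrupted context holds the zone lock and is mid-update when the NMI
 * arrives. Returns true if the same page is handed out twice. */
static bool double_allocation(bool with_fix)
{
    struct zone z = { false, 3, { 10, 11, 12, 0 } };  /* constructed pages */

    z.lock_held = true;                  /* spin_lock(&zone->lock) */
    int top = z.nr_free - 1;             /* reads the freelist head ... */
    int mine = z.free_pages[top];

    in_nmi_model = true;                 /* NMI fires here */
    int nmi_page = alloc_nolock(&z, with_fix);
    in_nmi_model = false;

    z.nr_free = top;                     /* ... then writes back stale state */
    z.lock_held = false;
    return nmi_page == mine;
}

int main(void)
{
    printf("without early return: double allocation = %d\n", double_allocation(false));
    printf("with early return:    double allocation = %d\n", double_allocation(true));
    return 0;
}
```

In the model the lock flag is set the whole time the NMI path runs, yet the UP trylock succeeds anyway, which is the condition CONFIG_DEBUG_SPINLOCK reports as "spinlock trylock failure on UP".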

Impact Analysis

This vulnerability can lead to corruption of the freelists in the Linux kernel's memory management on uniprocessor systems. Such corruption may cause system instability, crashes, or unpredictable behavior due to improper memory allocation and management.

Additionally, if CONFIG_DEBUG_SPINLOCK is enabled, the system may trigger a BUG and halt execution when this issue occurs, potentially causing downtime or requiring a reboot.

Detection Guidance

This vulnerability can be detected by observing a specific BUG triggered when CONFIG_DEBUG_SPINLOCK is enabled on UP (uniprocessor) kernels. The BUG message is "spinlock trylock failure on UP on CPU#0" and can appear during the execution of the slub_kunit test module.

To detect this issue, you can enable CONFIG_DEBUG_SPINLOCK in your kernel configuration and run the slub_kunit test module. Monitoring kernel logs (e.g., using dmesg) for the BUG message related to spinlock trylock failure can help identify the vulnerability.

No specific commands are provided in the available information.

Mitigation Strategies

The vulnerability is fixed by returning NULL early from alloc_frozen_pages_nolock() when invoked from NMI context on UP kernels. Therefore, the immediate mitigation is to update the Linux kernel to a version that includes this fix.

Enabling CONFIG_DEBUG_SPINLOCK can help detect the issue during testing, but the primary mitigation is to apply the patch or upgrade the kernel to the fixed version.
