CVE-2026-46115
Memory Corruption in Linux Kernel
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's block subsystem, specifically in the function biovec_phys_mergeable(). This function is responsible for deciding if two physically contiguous bvec segments can be merged into one. However, it lacked a check to determine if these segments belong to different dev_pagemaps.
When zone device memory is registered in multiple chunks, each chunk has its own dev_pagemap. A single bio can contain bvecs from different pgmaps. The current merging logic can incorrectly merge physically contiguous bvecs from different pgmaps, making it impossible to correctly identify the original pgmap for the merged segment.
The fix adds a check called zone_device_pages_have_same_pgmap() to prevent merging bvec segments that span different pgmaps, ensuring the integrity of the mapping information.
How can this vulnerability impact me? :
This vulnerability can cause incorrect merging of memory segments that belong to different device page maps. As a result, the system may lose the ability to correctly track the original memory mappings.
Such incorrect merging could potentially lead to data integrity issues or unexpected behavior in memory management, especially in systems using zone device memory registered in multiple chunks.