CVE-2026-46268
PCI/P2PDMA Page Refcount Warning in Linux Kernel
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's PCI/P2PDMA subsystem and concerns a warning condition in the function p2pmem_alloc_mmap(). An earlier change lowered the initial page reference count of a p2pdma page from one to zero, but the code still asserted that the count was not zero, so the assertion raised a warning on kernels built with CONFIG_DEBUG_VM.
VM_WARN_ON_ONCE_PAGE() warns when its condition is true. The old condition, "VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))", therefore warned whenever the reference count was zero, which is now the expected initial state. The fix changes the condition to "page_ref_count(page)", so the warning fires only when the count is unexpectedly non-zero.
How can this vulnerability impact me?
This vulnerability primarily causes warning messages and potential debugging interruptions when the Linux kernel is compiled with CONFIG_DEBUG_VM enabled. It does not indicate a security breach or direct system compromise.
The impact is limited to kernel debugging and stability during development or troubleshooting, as the warning could lead to confusion or misinterpretation of the system's memory management state.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing warning messages related to page reference counts in the kernel logs when CONFIG_DEBUG_VM is enabled.
Specifically, the following warning message indicates the issue: "VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" along with details such as "page: refcount:0 mapcount:0" and a kernel warning at drivers/pci/p2pdma.c:240 in the function p2pmem_alloc_mmap.
To detect this on your system, you can check the kernel log for such warnings using commands like:
- dmesg | grep -i 'VM_WARN_ON_ONCE_PAGE'
- journalctl -k | grep -i 'p2pmem_alloc_mmap'
- grep -i 'page_ref_count' /var/log/kern.log
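Each command above matches a single string on its own, so an unrelated page_ref_count assertion would also match. The following shell function is an added example (not from the original page or the kernel project): it counts only reports where the page-dump reason is followed within a few lines by a WARNING line naming p2pmem_alloc_mmap. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; not from the original page or the kernel tree.

# Constructed sample log: one p2pdma report and one unrelated warning.
sample_log() {
    cat <<'EOF'
[   12.000001] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1000
[   12.000002] page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
[   12.000003] ------------[ cut here ]------------
[   12.000004] WARNING: CPU: 0 PID: 100 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x10/0x20
[   30.000001] WARNING: CPU: 1 PID: 200 at mm/example.c:10 example_fn+0x10/0x20
EOF
}

# Read kernel log text on stdin; print how many reports match this issue.
p2pdma_warn_count() {
    awk '
        # The page dump states the failed assertion just before the WARNING line.
        /page dumped because: VM_WARN_ON_ONCE_PAGE\(!page_ref_count\(page\)\)/ {
            armed = NR
        }
        # Require the WARNING to name p2pmem_alloc_mmap within a few lines.
        # Any line number is accepted because it shifts between kernel builds.
        /WARNING:.*drivers\/pci\/p2pdma\.c:[0-9]+ p2pmem_alloc_mmap/ {
            if (armed && NR - armed <= 5) hits++
            armed = 0
        }
        END { print hits + 0 }
    '
}

# Real use: dmesg | p2pdma_warn_count   or   journalctl -k | p2pdma_warn_count
sample_log | p2pdma_warn_count
```

Because the assertion is a WARN_ON_ONCE variant, a given boot reports it at most once, so a non-zero count is the signal of interest.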
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by correcting the assertion condition in the p2pmem_alloc_mmap() function to properly use page_ref_count(page).
Immediate mitigation steps include:
- Update your Linux kernel to a version that includes the fix (commit b7e282378773 or later).
- Ensure that CONFIG_DEBUG_VM is enabled only in development or debugging environments, as it triggers these warnings.
- Monitor kernel logs for related warnings to confirm the issue is resolved after updating.