CVE-2026-46281
Received Received - Intake
vmalloc Buffer Overflow in Linux Kernel

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc") added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an alignment constraint is not met, even if the user is shrinking the allocation. On this path (need_realloc), the code allocates a new object of 'size' bytes and then memcpy()s 'old_size' bytes into it. If the request is to shrink the object (size < old_size), this results in an out-of-bounds write on the new buffer. Fix this by bounding the copy length by the new allocation size.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-08
Last Modified
2026-06-08
Generated
2026-06-09
AI Q&A
2026-06-08
EPSS Evaluated
N/A
NVD
CVE-2026-46281
EUVD
EUVD-2026-35146
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's vmalloc subsystem, specifically in the function vrealloc_node_align(). A recent change allowed forcing a new memory allocation if the current pointer is on the wrong NUMA node or does not meet alignment constraints, even when shrinking the allocation.

During this process, the code allocates a new buffer of the requested size and copies the old data into it using memcpy(). However, if the new requested size is smaller than the old size (shrinking), the memcpy() copies more data than the new buffer can hold, causing a buffer overflow (out-of-bounds write).

The fix bounds the copy length by the new allocation size to prevent this overflow.

Impact Analysis

This vulnerability can lead to a buffer overflow in kernel memory when shrinking vmalloc allocations under certain conditions. Such an out-of-bounds write can cause memory corruption, potentially leading to system instability, crashes, or exploitation by attackers to execute arbitrary code with kernel privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46281. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart