CVE-2026-46013
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/memfd_luo: fix physical address conversion in put_folios cleanup
In memfd_luo_retrieve_folios()'s put_folios cleanup path:
kho_restore_folio() expects a phys_addr_t (physical address) but receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address).
This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could incorrectly process sparse file holes where pfn=0.
Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file.
This issue was identified by the AI review. https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b3749f174d686627f702234e64bad976dc432dbc < bd0d6bde286a2b8e3ae7975b0dcc2d43875d5fc9 | affected |
| Linux | Linux | b3749f174d686627f702234e64bad976dc432dbc < 3538f90ab89aaf302782b4b073a0aae66904cd67 | affected |
| Linux | Linux | 6.19 | affected |
| Linux | Linux | 0 < 6.19 | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/bd0d6bde286a2b8e3ae7975b0dcc2d43875d5fc9
- https://git.kernel.org/stable/c/3538f90ab89aaf302782b4b073a0aae66904cd67
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.