CVE-2026-46277 PUBLISHED

mm/zone_device: do not touch device folio after calling ->folio_free()

Assigner: Linux
Reserved: 13.05.2026 Published: 08.06.2026 Updated: 14.06.2026

In the Linux kernel, the following vulnerability has been resolved:

mm/zone_device: do not touch device folio after calling ->folio_free()

The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of touching the folio again to extract the pgmap, use the local stack variable when calling percpu_ref_put_many().

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from d245f9b4ab806733a77e51a218ca7b8bc3135cd9 to 85be0a262e39c706edb53c88af8afde2e98222ba (excl.) affected from d245f9b4ab806733a77e51a218ca7b8bc3135cd9 to 39928984956037cabd304321cb8f342e47421db5 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 7.0.4 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

CVE-2026-46277 PUBLISHED

mm/zone_device: do not touch device folio after calling ->folio_free()

Metrics

Product Status

References