CVE-2026-45880 Linux CVE debrief

Who should care

Linux system administrators managing servers with PCI P2PDMA-capable devices; kernel maintainers; organizations running workloads that utilize peer-to-peer DMA between PCI devices

Technical summary

The vulnerability exists in drivers/pci/p2pdma.c in the p2pmem_alloc_mmap() function. After successfully allocating memory from the gen_pool via gen_pool_alloc_owner(), a per-CPU reference is acquired via percpu_ref_get(). If the subsequent vm_insert_page() call fails to map the page into user space, the error handling path returns without calling percpu_ref_put() to release the reference. This leaves the pgmap reference count elevated. When the PCI device is later removed, memunmap_pages() waits indefinitely for the reference count to reach zero, causing a hang. The fix adds the missing percpu_ref_put() call in the error path before returning.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable commits when available from your Linux distribution
• Monitor NVD for CVSS scoring once analysis is complete
• Review systems utilizing PCI P2PDMA functionality for stability issues during device hotplug operations
• Consider proactive patching for systems with high-availability requirements for PCI device management

Evidence notes

Vulnerability description confirms missing percpu_ref_put() in error path when vm_insert_page() fails. Kernel commit references indicate fixes applied to stable branches. No CVSS score assigned yet by NVD (status: Awaiting Analysis).

Official resources