PatchSiren cyber security CVE debrief
CVE-2026-46013 Linux CVE debrief
A vulnerability in the Linux kernel's memfd_luo subsystem has been resolved. The issue involved incorrect physical address conversion in the put_folios cleanup path of memfd_luo_retrieve_folios(). Specifically, kho_restore_folio() received a raw PFN instead of a proper phys_addr_t, causing kho_restore_page() to check the wrong physical address. Additionally, the cleanup loop lacked a !pfolio->pfn check present in other code paths, potentially causing incorrect processing of sparse file holes where pfn=0. The fix converts PFN to physical address using PFN_PHYS() and adds the missing pfn validation check. This vulnerability was identified through AI review.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Linux kernel maintainers, system administrators running Linux systems with memfd_luo support, security teams tracking kernel memory management vulnerabilities, and organizations using AI-assisted code review processes.
Technical summary
CVE-2026-46013 is a resolved vulnerability in the Linux kernel's memfd_luo (memory file descriptor with large/unique objects) subsystem. The bug occurred in memfd_luo_retrieve_folios()'s put_folios cleanup path where kho_restore_folio() incorrectly received a raw page frame number (PFN) instead of a converted physical address. This caused kho_restore_page() to validate the wrong address (pfn << PAGE_SHIFT rather than the actual physical address). Additionally, the cleanup path was missing a !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could lead to incorrect processing of sparse file holes where pfn=0. The resolution applies PFN_PHYS() macro for proper address conversion and adds the missing pfn validation, aligning with patterns used elsewhere in the file. The vulnerability was discovered through AI-assisted code review.
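The unit mix-up and the missing hole check can be reproduced in a small userspace model. This is an added example, not kernel code or the upstream patch: `struct folio_ser`, `model_restore_folio()`, both cleanup functions, the 4 KiB page size and the sample PFNs are assumptions made for illustration, with the stand-in deriving a frame from an address by shifting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12                 /* assumption: 4 KiB pages */
typedef uint64_t phys_addr_t;
#define PFN_PHYS(pfn) ((phys_addr_t)(pfn) << PAGE_SHIFT)
#define PHYS_PFN(pa)  ((uint64_t)((pa) >> PAGE_SHIFT))

/* Hypothetical reduced per-folio record; only the pfn field is named on the page. */
struct folio_ser { uint64_t pfn; };

/* Constructed sample: two preserved folios around a sparse-file hole (pfn == 0). */
static const struct folio_ser sample[] = { {0x12345}, {0}, {0x80000} };
static uint64_t seen[3];              /* frames a cleanup variant looked up */

/* Stand-in for kho_restore_folio(): takes a physical address and
 * returns the page frame that address resolves to. */
static uint64_t model_restore_folio(phys_addr_t phys) { return PHYS_PFN(phys); }

/* Cleanup as described before the fix: the raw PFN is passed where an
 * address is expected, and hole entries are not skipped. */
size_t cleanup_before_fix(const struct folio_ser *f, size_t n, uint64_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        out[k++] = model_restore_folio(f[i].pfn);
    return k;
}

/* Cleanup as described after the fix: skip pfn == 0, convert with PFN_PHYS(). */
size_t cleanup_after_fix(const struct folio_ser *f, size_t n, uint64_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        if (!f[i].pfn)                /* sparse-file hole: nothing to restore */
            continue;
        out[k++] = model_restore_folio(PFN_PHYS(f[i].pfn));
    }
    return k;
}

int main(void)
{
    size_t n = cleanup_before_fix(sample, 3, seen);
    for (size_t i = 0; i < n; i++)
        printf("before: frame 0x%llx\n", (unsigned long long)seen[i]);
    n = cleanup_after_fix(sample, 3, seen);
    for (size_t i = 0; i < n; i++)
        printf("after:  frame 0x%llx\n", (unsigned long long)seen[i]);
    return 0;
}
```

In the model, the pre-fix loop resolves every entry to an unrelated frame and also processes the hole, while the post-fix loop touches only the two frames that were actually recorded.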
Defensive priority
medium
Recommended defensive actions
- Review kernel version and apply stable kernel updates containing the fix commits
- Verify memfd_luo functionality is not required for critical workloads if temporary mitigation is needed
- Monitor kernel changelogs for memfd_luo-related fixes in your distribution's kernel package
- Consider disabling memfd_luo if not required and if your kernel configuration permits
- Audit systems for any unusual memory management behavior that could indicate exploitation attempts
Evidence notes
The vulnerability description indicates this was identified by AI review and has been resolved in the Linux kernel. The fix involves proper PFN-to-physical-address conversion and validation checks matching patterns used elsewhere in the memfd_luo implementation.
Official resources
- CVE-2026-46013 CVE record (CVE.org)
- CVE-2026-46013 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (2026-05-27)