CVE-2026-46017 Linux CVE debrief

Who should care

Linux system administrators running kernels with transparent hugepage support or workloads involving memory migration; kernel developers and distribution maintainers responsible for stable kernel updates

Technical summary

The Linux kernel's migrate_folio_move() function recorded deferred split queue state from a source folio and replayed it on a destination folio after remove_migration_ptes(src, dst, 0) was called. This ordering created a window where the destination folio was visible before being requeued, allowing a concurrent rmap-removal path to mark it partially mapped and trigger a WARN in deferred_split_folio(). The fix reorders operations to requeue the destination folio before it becomes visible again. Additionally, deferred_split_scan() was modified to requeue a folio when folio_trylock() fails, preventing fully mapped underused folios from being silently lost from the split_queue by the shrinker during migration.

Defensive priority

medium

Recommended defensive actions

• Apply kernel patches from the stable kernel git repository when available for your distribution
• Monitor vendor security advisories for kernel updates addressing this issue
• Review systems running workloads with heavy memory migration or transparent hugepage usage for stability concerns
• Consider enabling kernel lockdep or other debugging facilities if stability issues are suspected in memory management paths

Evidence notes

The vulnerability description is derived from the official CVE record and NVD source data. The technical details regarding migrate_folio_move(), deferred_split_folio(), and the race condition are taken directly from the CVE description. The fix involves reordering operations and adding lock handling in deferred_split_scan().

Official resources