PatchSiren cyber security CVE debrief
CVE-2026-46280 Linux CVE debrief
A use-after-free vulnerability was discovered in the Linux kernel's test_hmm module. The vulnerability occurs when the dmirror_fops_release() function is called, which frees the dmirror struct without migrating device private pages back to system memory. This leaves the pages with a dangling zone_device_data pointer to the freed dmirror. If a subsequent fault occurs on those pages, the dmirror_devmem_fault() callback dereferences the stale pointer, causing a kernel panic.
- Vendor: Linux
- Product: Unknown
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-14
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-14
Who should care
Linux kernel developers and users who rely on the test_hmm module.
Technical summary
The vulnerability is caused by the dmirror_fops_release() function not migrating device private pages back to system memory before freeing the dmirror struct. This can lead to a kernel panic when a subsequent fault occurs on those pages.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patches provided by the Linux kernel maintainers to fix the vulnerability.
- Use the latest Linux kernel version that includes the fix.
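Before scheduling the patch, it helps to know whether test_hmm is present on a host at all. The script below is an added example, not part of the advisory or the kernel tree: it assumes the upstream Kconfig symbol CONFIG_TEST_HMM and a distribution that ships the build config at /boot/config-$(uname -r). The function names are hypothetical.

```shell
#!/bin/sh
# Exposure check for the test_hmm issue described above (added example).
# Inputs are file paths so the logic can be run on saved copies:
#   $1 = module list in /proc/modules format
#   $2 = kernel build config (assumed location: /boot/config-$(uname -r))

# Return 0 if test_hmm is listed as a loaded module (first field of each line).
hmm_module_loaded() {
    awk '$1 == "test_hmm" { found = 1 } END { exit !found }' "$1"
}

# Print how CONFIG_TEST_HMM is set in a kernel config: y, m, or n.
hmm_config_state() {
    state=$(sed -n 's/^CONFIG_TEST_HMM=\([ym]\)$/\1/p' "$1" | head -n 1)
    echo "${state:-n}"
}

# Combine both signals into a single verdict string.
hmm_exposure() {
    modules=$1 config=$2
    if [ -r "$modules" ] && hmm_module_loaded "$modules"; then
        echo "loaded"            # affected code is live: patch or unload
        return
    fi
    if [ ! -r "$config" ]; then
        echo "unknown"           # no config to inspect: check the module tree
        return
    fi
    case $(hmm_config_state "$config") in
        y) echo "built-in" ;;    # cannot be unloaded; needs a fixed kernel
        m) echo "available" ;;   # built as a module but not loaded
        *) echo "not-built" ;;   # CONFIG_TEST_HMM unset in this kernel
    esac
}

# Query the running system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    hmm_exposure /proc/modules "/boot/config-$(uname -r)"
fi
```

A verdict of `loaded` or `built-in` means the release path described in the technical summary is reachable on that kernel; `available` means it becomes reachable as soon as the module is loaded.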
Evidence notes
The vulnerability was reported by Zenghui Yu and analyzed by Lorenzo.
Official resources
- CVE-2026-46280 CVE record (CVE.org)
- CVE-2026-46280 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67