SB20260508141 - Race condition in Linux kernel mm
Published: May 8, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-43389)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a loss of user data.
The vulnerability exists due to improper state synchronization in memfd_luo folio dirty-state handling when preserving and retrieving serialized folios. A local user can preserve a memfd file whose folios are modified after preservation to cause a loss of user data.
The issue occurs because folios recorded as clean can later become dirty before retrieval, and the restored kernel may reclaim them under memory pressure.
Remediation
Install the update from the vendor's website.