SB20260508141 - Race condition in Linux kernel mm



Published: May 8, 2026

Security Bulletin ID: SB20260508141
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Data manipulation

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2026-43389)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a loss of user data.

The vulnerability exists due to improper state synchronization in memfd_luo folio dirty-state handling when preserving and retrieving serialized folios. A local user can preserve a memfd file whose folios are modified after preservation to cause a loss of user data.

The issue occurs because folios recorded as clean can later become dirty before retrieval, and the restored kernel may reclaim them under memory pressure.
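
The stale-state sequence described above, as an added user-space model in C (not kernel code and not the vendor's patch): the struct and function names are hypothetical, and the "treat every preserved folio as dirty" branch is an assumed mitigation shown only for contrast.

```c
/* User-space model of the bulletin's scenario, not kernel code; all names are hypothetical. */
#include <stdbool.h>
#include <string.h>

#define NR_FOLIOS 4

struct folio_model {
    char data[16];
    bool dirty;     /* clean folios may be dropped by reclaim */
    bool present;
};

/* Preserve: record each folio's dirty flag as it is at this instant. */
static void preserve(const struct folio_model *f, bool *saved)
{
    for (int i = 0; i < NR_FOLIOS; i++)
        saved[i] = f[i].dirty;
}

/* Retrieve: trust_snapshot replays the recorded flags; otherwise every
 * preserved folio is treated as dirty (an assumed mitigation). */
static void retrieve(struct folio_model *f, const bool *saved, bool trust_snapshot)
{
    for (int i = 0; i < NR_FOLIOS; i++)
        f[i].dirty = trust_snapshot ? saved[i] : true;
}

/* Memory pressure: drop every clean folio, keep dirty ones. */
static void reclaim(struct folio_model *f)
{
    for (int i = 0; i < NR_FOLIOS; i++)
        if (!f[i].dirty)
            f[i].present = false;
}

/* Returns 1 if a write made after preserve is lost once reclaim runs. */
static int late_write_lost(bool trust_snapshot)
{
    struct folio_model f[NR_FOLIOS] = {0};
    bool saved[NR_FOLIOS];
    for (int i = 0; i < NR_FOLIOS; i++)
        f[i].present = true;            /* constructed input: all clean */
    preserve(f, saved);
    strcpy(f[2].data, "user data");     /* modification after preservation */
    f[2].dirty = true;
    retrieve(f, saved, trust_snapshot);
    reclaim(f);
    return !f[2].present;
}
```

Calling `late_write_lost(true)` models the vulnerable ordering and reports the folio as lost; `late_write_lost(false)` keeps it.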


Remediation

Install the update from the vendor's website.