SB2026061088 - Out-of-bounds write in Linux kernel mm



Published: June 10, 2026

Security Bulletin ID: SB2026061088
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Out-of-bounds write (CVE-ID: CVE-2026-46281)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to an out-of-bounds write in vrealloc_node_align_noprof() when reallocating and shrinking an existing vmalloc allocation that requires a new allocation. A local user can trigger the vulnerable reallocation path to cause a denial of service.

The issue occurs when the existing pointer is on the wrong NUMA node or does not satisfy an alignment constraint, causing data from the old allocation to be copied into a smaller new buffer.
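The copy-length flaw described above, as an added userspace model that is not kernel code and not taken from the vendor patch. The names model_realloc, needs_new_alloc, GUARD and CANARY are hypothetical, and bounding the copy to the smaller of the two sizes is an assumption about how such a path is hardened.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD  64    /* slack after the new buffer so the overflow lands in owned memory */
#define CANARY 0xA5

/* Alignment case from the bulletin: the old pointer cannot be reused in place. */
static int needs_new_alloc(const void *p, size_t align)
{
    return align != 0 && ((uintptr_t)p & (align - 1)) != 0;
}

/*
 * Userspace model of a shrinking realloc that has to move the data.
 * bounded == 0: copy old_size bytes (the flaw); bounded == 1: copy min(old, new).
 * Returns the number of bytes written past new_size, or (size_t)-1 on bad input.
 */
static size_t model_realloc(size_t old_size, size_t new_size, size_t align, int bounded)
{
    size_t n, i, clobbered = 0;
    unsigned char *raw, *old, *fresh;

    if (old_size > new_size + GUARD)
        return (size_t)-1;                 /* keep the model inside its guard area */
    raw = malloc(old_size + 1);
    fresh = malloc(new_size + GUARD);
    if (!raw || !fresh) { free(raw); free(fresh); return (size_t)-1; }

    old = raw + 1;                         /* constructed: deliberately misaligned */
    memset(old, 0x41, old_size);
    memset(fresh + new_size, CANARY, GUARD);

    if (needs_new_alloc(old, align)) {     /* in-place shrink impossible, data moves */
        n = (bounded && old_size > new_size) ? new_size : old_size;
        memcpy(fresh, old, n);
    }
    for (i = 0; i < GUARD; i++)
        clobbered += fresh[new_size + i] != CANARY;

    free(raw);
    free(fresh);
    return clobbered;
}
```

A non-zero return value is the count of guard bytes overwritten, which is the model's stand-in for memory past the end of the smaller allocation.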


Remediation

Install the update from the vendor's website.