Skip to main content

Linux Kernel CVE-2026-46256

| EUVDEUVD-2026-34118 MEDIUM
Improper Locking (CWE-667)
2026-06-03 Linux GHSA-44f9-rxj6-p8rg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:26 vuln.today
CVSS changed
Jun 09, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages

LOCALIO is an NFS loopback mount optimization that avoids using the network for READ, WRITE and COMMIT if the NFS client and server are determined to be on the same system. But because LOCALIO is still fundamentally "just NFS loopback mount" it is susceptible to recursion deadlock via direct reclaim, e.g.: NFS LOCALIO down to XFS and then back into NFS via nfs_writepages.

Fix LOCALIO's potential for direct reclaim deadlock by ensuring that all its page cache allocations are done from GFP_NOFS context.

Thanks to Ben Coddington for pointing out commit ad22c7a043c2 ("xfs: prevent stack overflows from page cache allocation").

AnalysisAI

Denial-of-service via recursion deadlock in the Linux kernel's NFS LOCALIO subsystem when direct memory reclaim occurs on systems using loopback NFS mounts. The LOCALIO optimization - which bypasses network I/O when NFS client and server share the same host - fails to restrict its page cache allocations to GFP_NOFS context, allowing the kernel memory allocator to re-enter NFS via nfs_writepages during reclaim (path: NFS LOCALIO → XFS → NFS), producing a deadlock and kernel hang. No public exploit exists and EPSS stands at 0.02% (4th percentile), consistent with a kernel subsystem defect that requires a specific local configuration rather than a broadly exploitable condition. Vendor-released patches are available across stable kernel branches.

Technical ContextAI

The root cause is classified as CWE-667 (Improper Locking). Linux kernel NFS LOCALIO (introduced as a loopback optimization) performs page cache allocations without constraining them to GFP_NOFS (No File System) context. The GFP_NOFS flag is the standard kernel mechanism to prevent memory allocators from calling back into filesystems during reclaim - omitting it on a path that sits atop XFS and feeds back into NFS creates a circular dependency. The analogous protection in XFS was added in commit ad22c7a043c2 ('xfs: prevent stack overflows from page cache allocation'), which the kernel developers explicitly credit as the model for this fix. CPE data identifies the affected component as cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, covering multiple stable branches prior to the fix commits referenced in the EUVD entry. Notably, the 'Buffer Overflow' tag attached to this CVE appears to be a mislabeling by the tagging source - the actual defect is a locking/reclaim recursion issue with no memory corruption component.

RemediationAI

Upgrade to a patched kernel version: Linux 6.18.14, Linux 6.19.4, or Linux 7.0 and later, as confirmed by EUVD version data. The upstream fix commits are available at https://git.kernel.org/stable/c/ae26a4cf2baf0a44c538dc093504d1994b02dade, https://git.kernel.org/stable/c/6a5de0c4fc0f217eea945d3d72c34ee30d72cbc9, and https://git.kernel.org/stable/c/67435d2d8a33a75f9647724952cb1b18279d2e95 for the respective stable branches. If an immediate kernel upgrade is not feasible, the specific workaround is to disable NFS LOCALIO optimization on affected mounts - this prevents the vulnerable code path from being reached entirely, at the cost of losing the loopback I/O performance benefit for co-located NFS traffic. Restricting write-heavy workloads on LOCALIO-mounted filesystems reduces but does not eliminate the memory reclaim trigger path and should not be relied upon as a primary mitigation. Distribution-specific kernel packages from major vendors (RHEL, SUSE, Ubuntu) should be monitored for backported fixes if the above upstream versions are not directly applicable.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

CVE-2026-46256 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy