Skip to main content

Linux Kernel CVE-2026-46327

| EUVDEUVD-2026-35428 HIGH
2026-06-09 Linux GHSA-w5j4-wm72-f9fp
High
Disputed · 7.8 Vendor: Linux
Share

Severity by source

Sources disagree (Low–High)
Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local access with low privileges (PR:L) is required; AC:H reflects the timing-dependent race against dm suspend; successful exploitation can yield full kernel memory corruption (C/I/A:H).

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 14, 2026 - 06:36 vuln.today
CVSS changed
Jun 14, 2026 - 06:22 NVD
7.8 (HIGH)
Patch available
Jun 09, 2026 - 15:01 EUVD
CVE Published
Jun 09, 2026 - 12:25 cve.org
HIGH 7.8
CVE Published
Jun 09, 2026 - 12:25 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dm: fix unlocked test for dm_suspended_md

The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it.

Move the call to dm_suspended_md after dm_get_live_table, so that the device can't be suspended after the suspended state was tested.

AnalysisAI

Race condition in the Linux kernel device-mapper (dm) subsystem allows a local privileged user to trigger memory corruption or use-after-free conditions by exploiting a TOCTOU flaw in dm_blk_report_zones, which calls dm_suspended_md without holding required locks. The flaw affects multiple stable kernel branches including 6.12.x, 6.15.x, 6.16, and 6.18.x prior to fixed releases. No public exploit identified at time of analysis, and EPSS scores exploitation probability at 0.02% (5th percentile).

Technical ContextAI

The vulnerability resides in the Linux device-mapper (dm) layer, specifically in dm_blk_report_zones - the block-device report-zones handler used for zoned block devices (e.g., SMR HDDs, ZNS SSDs). The function tested dm_suspended_md() without serialization, creating a classic Time-of-Check to Time-of-Use (TOCTOU) race: the suspended state could change between the check and subsequent operations on the live mapping table. The fix re-orders the call so dm_suspended_md is invoked after dm_get_live_table, which ensures the live table reference protects the suspend state from changing concurrently. This is a race-condition class bug (broadly CWE-362 / CWE-367) in kernel block-layer code, although no CWE was formally assigned.

RemediationAI

Vendor-released patches are available - upgrade to the fixed stable kernel for your branch: 6.12.75 or later for the 6.12 LTS series, 6.18.14 or later, 6.19.4 or later, or 7.0. The upstream commits are 175ac0a6115400278d3900f5a04a58b17b3f6cd0, 7a3385e97af2b6f485fef11e82d8c29adee4be93, d809a36692ee1394cac85ce6ba7cf8ea58da5812, and 24c405fdbe215c45e57bba672cc42859038491ee, all available under https://git.kernel.org/stable/c/. Distribution users should track their vendor's kernel update for the corresponding backport. As a temporary compensating control where patching is delayed, avoid exposing zoned block devices through device-mapper targets and restrict local shell access to trusted users; note this materially reduces functionality for ZNS/SMR workloads, so it is only acceptable on systems that do not use zoned storage via dm.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-46327 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy