Skip to main content

Linux Kernel EUVDEUVD-2026-32472

| CVE-2026-46089 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-qc74-hc4j-xrp6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector confirmed by need for device access; PR:L because low-privilege user can trigger; A:H for indefinite process hang; no C/I impact.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:35 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

zram: do not forget to endio for partial discard requests

As reported by Qu Wenruo and Avinesh Kumar, the following

getconf PAGESIZE 65536 blkdiscard -p 4k /dev/zram0

takes literally forever to complete. zram doesn't support partial discards and just returns immediately w/o doing any discard work in such cases. The problem is that we forget to endio on our way out, so blkdiscard sleeps forever in submit_bio_wait(). Fix this by jumping to end_bio label, which does bio_endio().

AnalysisAI

The zram compressed-RAM block device driver in the Linux kernel hangs processes indefinitely when partial discard requests are submitted on systems where the discard granularity is smaller than the system page size (e.g., 4K discards on ARM64 systems with 64K pages). The driver correctly identifies partial discards as unsupported and returns early, but omits calling bio_endio(), leaving submit_bio_wait() blocked forever. Exploitation requires local access to a zram device with low privileges; no public exploit exists and EPSS is 0.02%, consistent with a niche local denial-of-service. Patches are available across multiple stable kernel branches.

Technical ContextAI

zram is a Linux kernel block device driver (drivers/block/zram/) that uses compressed RAM as storage, commonly deployed as a swap backend on memory-constrained systems. The Linux block I/O (bio) subsystem mandates that every bio submitted via submit_bio() must eventually be completed by a call to bio_endio(), signaling the submitter that the operation is done. In the affected code path, when zram receives a discard request whose granularity does not align to a full page (e.g., PAGESIZE=65536, discard step=4096), it detects the unsupported partial discard and returns early - but bypasses the end_bio label responsible for calling bio_endio(). This violates the bio lifecycle contract, causing any caller blocked in submit_bio_wait() to sleep indefinitely. The root cause is effectively an improper resource shutdown (analogous to CWE-404), where a cleanup/completion callback is missing on an early-exit code path. Affected products are identified by CPE cpe:2.3:o:linux:linux_kernel covering all versions from the introducing commit 0120dd6e4e202e19a0e011e486fb2da40a5ea279 up to the respective fix commits per stable branch.

RemediationAI

Update to a patched stable kernel release: Linux 6.6.140, 6.12.86, 6.18.27, 7.0.4, or 7.1-rc1. Upstream fix commits are available at the five git.kernel.org/stable links referenced above and can be cherry-picked into vendor or distribution kernels if a packaged release is not yet available. As an interim compensating control, restrict write access to zram block devices (e.g., /dev/zram0) to root only via udev rules or filesystem permissions - this prevents unprivileged users from issuing blkdiscard, though it does not address potential hangs from root-owned daemons or scripts. Alternatively, avoid issuing blkdiscard with sub-page granularity (i.e., ensure the discard step matches or exceeds PAGESIZE) as a process-level workaround; note this changes discard efficiency for zram-backed swap. Disabling zram entirely eliminates exposure but may significantly impact swap performance on memory-constrained systems.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

EUVD-2026-32472 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy