Bug 2484449 (CVE-2026-46268) - CVE-2026-46268 kernel: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition
Summary: CVE-2026-46268 kernel: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition
Keywords:
Status: NEW
Alias: CVE-2026-46268
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-03 18:01 UTC by OSIDB Bzimport
Modified: 2026-06-03 20:01 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-03 18:01:59 UTC
In the Linux kernel, the following vulnerability has been resolved:

PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

Commit b7e282378773 has already changed the initial page refcount of
p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses
"VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page
refcount should not be zero and the following will be reported when
CONFIG_DEBUG_VM is enabled:

  page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000
  flags: 0x20000000002000(reserved|node=0|zone=4)
  raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000
  raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
  page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
  ------------[ cut here ]------------
  WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60

Fix by using "page_ref_count(page)" as the assertion condition.


Note You need to log in before you can comment on or make changes to this bug.