2486455 – (CVE-2026-46281) CVE-2026-46281 kernel: vmalloc: fix buffer overflow in vrealloc_node_align()

Bug 2486455 (CVE-2026-46281) - CVE-2026-46281 kernel: vmalloc: fix buffer overflow in vrealloc_node_align()

Summary: CVE-2026-46281 kernel: vmalloc: fix buffer overflow in vrealloc_node_align()

Keywords:
Status:	NEW
Alias:	CVE-2026-46281
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-08 17:02 UTC by OSIDB Bzimport
Modified:	2026-06-08 19:59 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-08 17:02:52 UTC

In the Linux kernel, the following vulnerability has been resolved:

vmalloc: fix buffer overflow in vrealloc_node_align()

Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in
vrealloc") added the ability to force a new allocation if the current
pointer is on the wrong NUMA node, or if an alignment constraint is not
met, even if the user is shrinking the allocation.

On this path (need_realloc), the code allocates a new object of 'size'
bytes and then memcpy()s 'old_size' bytes into it.  If the request is to
shrink the object (size < old_size), this results in an out-of-bounds
write on the new buffer.

Fix this by bounding the copy length by the new allocation size.

Comment 1 Keith Grant 2026-06-08 19:55:13 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026060842-CVE-2026-46281-60c8@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.