What is GHSA-272j-64q7-2wx2?

GHSA-272j-64q7-2wx2 is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early...

Which CVE IDs does GHSA-272j-64q7-2wx2 cover?

GHSA-272j-64q7-2wx2 covers the following CVE IDs: CVE-2026-46029. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-272j-64q7-2wx2?

GHSA-272j-64q7-2wx2 has a CVSS v3 base score of 7.0, published by GitHub Security Advisories.

GHSA-272j-64q7-2wx2HighCVSS 7.0

In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46029 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

mm/slab: return NULL early from kmalloc_nolock() in NMI on UP

On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that unconditionally succeeds even when the lock is already held. As a result, kmalloc_nolock() called from NMI context can re-enter the slab allocator and acquire n->list_lock that the interrupted context is already holding, corrupting slab state.

With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with the slub_kunit test module:

BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243 [...] Call Trace: dump_stack_lvl+0x3f/0x60 do_raw_spin_trylock+0x41/0x50 _raw_spin_trylock+0x24/0x50 get_from_partial_node+0x120/0x4d0 ___slab_alloc+0x8a/0x4c0 kmalloc_nolock_noprof+0x164/0x310 [...]

Fix this by returning NULL early when invoked from NMI on a UP kernel.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (5)