What is GHSA-gxmw-vhgm-hqg8?

GHSA-gxmw-vhgm-hqg8 is a security advisory published by GitHub Security Advisories with unknown severity. In the Linux kernel, the following vulnerability has been resolved: mm/memfd_luo: fix physical...

Which CVE IDs does GHSA-gxmw-vhgm-hqg8 cover?

GHSA-gxmw-vhgm-hqg8 covers the following CVE IDs: CVE-2026-46013. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-gxmw-vhgm-hqg8unknown

In the Linux kernel, the following vulnerability has been resolved: mm/memfd_luo: fix physical...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-46013 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

mm/memfd_luo: fix physical address conversion in put_folios cleanup

In memfd_luo_retrieve_folios()'s put_folios cleanup path:

kho_restore_folio() expects a phys_addr_t (physical address) but receives a raw PFN (pfolio->pfn). This causes kho_restore_page() to check the wrong physical address (pfn << PAGE_SHIFT instead of the actual physical address).
This loop lacks the !pfolio->pfn check that exists in the main retrieval loop and memfd_luo_discard_folios(), which could incorrectly process sparse file holes where pfn=0.

Fix by converting PFN to physical address with PFN_PHYS() and adding the !pfolio->pfn check, matching the pattern used elsewhere in this file.

This issue was identified by the AI review. https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn

🔗 CVE IDs covered (1)

📋 Description

🔗 References (4)