CVE-2026-46215

High

In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could delete the object and remove one of the handles while leaving the other one dangling, which could subsequently be dereferenced for a use-after-free. To fix this, do the same dance that gem_close itself does. (f6cd7daecff5 drm: Release driver references to handle before making it available again) First idr_replace the old handle to NULL. Later, if the prime operations are successful, actually close it. create_tail required a similar dance to avoid a similar problem. (bd46cece51a3 drm/gem: Fix race in drm_gem_handle_create_tail()) It idr_allocs the new handle with NULL, then swaps in the correct object later to avoid races. We don't need to do that here, since the only operations that could race are drm_prime, and change_handle holds the prime lock for the entire duration. v2: cleanups of error paths

Package Linux Kernel
Published 2026-05-28
Last modified 2026-05-30
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

7.8

out of 10
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected versions

Linux kernel versions 6.18 and later are affected. Fixed in 6.18.32, 7.0.9, 7.1-rc3 and their respective stable series.

Affected from
≥ 6.18
Fixed in
✓ 6.18.32 6.18.x ✓ 7.0.9 7.0.x ✓ 7.1-rc3

References

The following references provide additional information about CVE-2026-46215 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2026-46215?

    CVE-2026-46215 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . It affects Linux kernel versions from 6.18 onward and has been patched in 6.18.32, 7.0.9 and 7.1-rc3. CVE-2026-46215 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2026-46215?

    CVE-2026-46215 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H .

  • Is there a patch available for CVE-2026-46215?

    Yes — CVE-2026-46215 has been patched. Fixed versions include 6.18.32, 7.0.9 and 7.1-rc3. If you are running Linux kernel 6.18 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-46215 actively exploited?

    No — CVE-2026-46215 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST