CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved:

lib: test_hmm: evict device pages on file close to avoid use-after-free

Patch series "Minor hmm_test fixes and cleanups".

Two bugfixes and a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special thanks to Lorenzo for analysing and pointing out the problems.

This patch (of 3):

When dmirror_fops_release() is called it frees the dmirror struct but doesn't migrate device private pages back to system memory first. This leaves those pages with a dangling zone_device_data pointer to the freed dmirror. If a subsequent fault occurs on those pages (e.g. during coredump) the dmirror_devmem_fault() callback dereferences the stale pointer causing a kernel panic.

This was reported [1] when running mm/ksft_hmm.sh on arm64, where a test failure triggered SIGABRT and the resulting coredump walked the VMAs faulting in the stale device private pages.

Fix this by calling dmirror_device_evict_chunk() for each devmem chunk in dmirror_fops_release() to migrate all device private pages back to system memory before freeing the dmirror struct. The function is moved earlier in the file to avoid a forward declaration.

Package: Linux Kernel
Published: 2026-06-08
Last modified: 2026-06-08
Patch available: Yes

Affected versions

Linux kernel versions 5.8 and later are affected. Fixed in 6.6.140, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1 and their respective stable series.

Affected from: ≥ 5.8
Fixed in: 6.6.140 (6.6.x), 6.12.86 (6.12.x), 6.18.27 (6.18.x), 7.0.4 (7.0.x), 7.1-rc1
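
An added example, not taken from the advisory or the kernel project: a Python check that maps a `uname -r` string onto the affected and fixed versions listed above and reports whether the kernel config builds the test module. `CONFIG_TEST_HMM` (the upstream Kconfig symbol for lib/test_hmm) and the `/boot/config-<release>` path are assumptions not stated on this page, and distro kernels may carry the fix under an older version number.

```python
import re

# Versions below are the ones listed in this advisory.
FIRST_AFFECTED = (5, 8)
MAINLINE_FIX = (7, 1)  # fixed in 7.1-rc1, so 7.1 and later carry the fix
STABLE_FIXES = {(6, 6): 140, (6, 12): 86, (6, 18): 27, (7, 0): 4}


def classify(release):
    """Map a `uname -r` style string to a status for CVE-2026-46280."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch >= MAINLINE_FIX:
        return "fixed"
    if branch in STABLE_FIXES:
        return "fixed" if patch >= STABLE_FIXES[branch] else "affected"
    # In the affected range, but the advisory lists no fix for this branch.
    # Distro kernels may backport the fix without changing this number.
    return "affected-no-listed-fix"


def hmm_module_config(config_text):
    """Return 'y' or 'm' if CONFIG_TEST_HMM is enabled, else None.

    Assumption (not from the advisory): lib/test_hmm is only built when
    this Kconfig symbol is set, so kernels without it lack the buggy code.
    """
    m = re.search(r"^CONFIG_TEST_HMM=([ym])$", config_text, re.MULTILINE)
    return m.group(1) if m else None


if __name__ == "__main__":
    import platform

    rel = platform.release()
    print(f"{rel}: {classify(rel)}")
    try:
        # /boot/config-<release> is a common distro location, assumed here.
        with open(f"/boot/config-{rel}") as fh:
            print("CONFIG_TEST_HMM:", hmm_module_config(fh.read()) or "not set")
    except OSError:
        print("kernel config not readable; check the distro's config package")
```

A result of `affected` or `affected-no-listed-fix` only matters in practice when the config check returns `y` or `m`, since the flawed release path lives in the test module.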

Frequently asked questions

  • What is CVE-2026-46280?

    CVE-2026-46280 is a Linux kernel vulnerability with unscored severity. It affects Linux kernel versions from 5.8 onward and has been patched in 6.6.140, 6.12.86, 6.18.27 and others. CVE-2026-46280 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-46280?

    Yes. CVE-2026-46280 has been patched. Fixed versions include 6.6.140, 6.12.86, 6.18.27 and others. If you are running a Linux kernel from 5.8 onward that is older than the fixed version for its branch, apply the relevant patch for your kernel branch.

  • Is CVE-2026-46280 actively exploited?

    No — CVE-2026-46280 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.