CVE-2026-46268: 
Linux Kernel Analyse et atténuation des vulnérabilités

CVE-2026-46268 is a Linux kernel vulnerability in the PCI/P2PDMA subsystem where an incorrect assertion condition in the p2pmem_alloc_mmap() function triggers spurious kernel warnings when CONFIG_DEBUG_VM is enabled. The flaw stems from a stale check (VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))) that was not updated after commit b7e282378773 changed the initial page refcount of P2PDMA pages from one to zero. It affects Linux kernel versions 6.15 through 6.18.13 and 6.19 through 6.19.3. Disclosed on June 3, 2026, it carries a CVSS v3.1 base score of 5.5 (Medium) (GitHub Advisory).

The root cause is an assertion logic flaw (no formal CWE assigned) in drivers/pci/p2pdma.c at line 240. After commit b7e282378773 changed the initial page refcount for P2PDMA pages to zero, the assertion VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) became inverted — it fires a warning precisely when the refcount is correctly zero, rather than when it is unexpectedly zero. A local user with low privileges who triggers P2PDMA memory mapping operations (e.g., via mmap() on a P2PDMA device) on a kernel built with CONFIG_DEBUG_VM will cause the warning to fire. The fix corrects the assertion to VM_WARN_ON_ONCE_PAGE(page_ref_count(page)), so it only warns when the refcount is non-zero at that point (GitHub Advisory).

Successful exploitation causes spurious VM_WARN_ON_ONCE_PAGE kernel warnings to be emitted, flooding system logs and potentially degrading the availability of debug kernel builds. The impact is limited to availability (log flooding, potential denial of service on debug systems); there is no confidentiality or integrity impact. Systems running production kernels without CONFIG_DEBUG_VM are not affected by the warning behavior (GitHub Advisory).

Apply the upstream Linux kernel patches that correct the assertion condition in p2pmem_alloc_mmap(). Fixed versions are Linux kernel 6.18.14 and 6.19.4 (and mainline 7.0+). Patches are available at the stable kernel tree (kernel patch 1, kernel patch 2, kernel patch 3). As a temporary workaround, disabling CONFIG_DEBUG_VM in the kernel build configuration will suppress the spurious warnings, though this is not recommended for security-sensitive or development environments. Systems not using P2PDMA functionality are not affected in practice.