Race Condition Vulnerability in Linux Kernel Affecting Multiple Products
CVE-2026-46215

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46215?

A race condition has been identified in the Linux kernel related to the handling of device resources, specifically within the Direct Rendering Manager (DRM). This vulnerability arises during the prime swap operation where a single object can spawn two ID references. A concurrent operation, such as gem_close, could potentially delete one handle while leaving another dangling. This mishap could lead to a use-after-free scenario where the invalid handle is dereferenced, resulting in unpredictable behavior. To mitigate this issue, the kernel ensures proper reference management by setting the old handle to NULL before reuse, thereby preventing access to stale data. Additionally, related functions have been updated to include necessary safeguards against similar race conditions, highlighting the ongoing commitment to maintaining kernel integrity.

Affected Version(s)

Linux 53096728b8910c6916ecc6c46a5abc5c678b58d9 < 672464dd53231509c9c771110798c56d4660e19e

Linux 53096728b8910c6916ecc6c46a5abc5c678b58d9 < 61bd96d3e5472c253f9c1ab77608f0c8aaa9d025

Linux 53096728b8910c6916ecc6c46a5abc5c678b58d9 < 5e28b7b94408897e41c63477aabc9e1db439bc8c

References

https://git.kernel.org/stable/c/672464dd53231509c9c771110...

https://git.kernel.org/stable/c/61bd96d3e5472c253f9c1ab77...

https://git.kernel.org/stable/c/5e28b7b94408897e41c63477a...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46215 Data

JSON