Description
In the Linux kernel, the following vulnerability has been resolved:

PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition

Commit b7e282378773 has already changed the initial page refcount of
p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses
"VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page
refcount should not be zero and the following will be reported when
CONFIG_DEBUG_VM is enabled:

page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000
flags: 0x20000000002000(reserved|node=0|zone=4)
raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))
------------[ cut here ]------------
WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60

Fix by using "page_ref_count(page)" as the assertion condition.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the function p2pmem_alloc_mmap() asserts that a memory page has a non‑zero reference count before mapping it for PCI peer‑to‑peer DMA. Earlier releases mistakenly set the initial reference count to zero, causing the assertion to trigger when CONFIG_DEBUG_VM is enabled, which generates a VM warning. The patch corrects the assertion to use page_ref_count(page), preventing the warning and potential kernel instability.

Affected Systems

All Linux kernel binaries that do not contain commit b7e282378773 are affected. The vulnerability is present in any kernel source that has not incorporated this patch, regardless of distribution. Specific distribution version numbers are not provided, so any kernel build prior to the inclusion of the commit may be impacted.

Risk and Exploitability

The flaw is exercised only with CONFIG_DEBUG_VM active, a flag normally disabled in production systems, so the probability of exploitation is low and the EPSS score of < 1% reflects limited observed exploitation. The CVSS score of 5.5 denotes a medium severity assessment. The issue does not provide a direct exploit path for privilege escalation or remote code execution; it results in a kernel warning rather than a crash or denial of service. The vulnerability is not listed in CISA KEV.

Generated by OpenCVE AI on June 9, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that incorporates commit b7e282378773.
  • If immediate kernel upgrade is not possible, consult the distribution vendor for a patched kernel change or wait for the next release that includes the fixed commit.
  • As a temporary precaution, verify that CONFIG_DEBUG_VM is disabled on production machines to prevent unnecessary VM warning messages.

Generated by OpenCVE AI on June 9, 2026 at 23:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 04 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 03 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in p2pmem_alloc_mmap() it uses "VM_WARN_ON_ONCE_PAGE(!page_ref_count(page))" to assert the initial page refcount should not be zero and the following will be reported when CONFIG_DEBUG_VM is enabled: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x380400000 flags: 0x20000000002000(reserved|node=0|zone=4) raw: 0020000000002000 ff1100015e3ab440 0000000000000000 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: VM_WARN_ON_ONCE_PAGE(!page_ref_count(page)) ------------[ cut here ]------------ WARNING: CPU: 5 PID: 449 at drivers/pci/p2pdma.c:240 p2pmem_alloc_mmap+0x83a/0xa60 Fix by using "page_ref_count(page)" as the assertion condition.
Title PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:50:10.101Z

Reserved: 2026-05-13T15:03:33.109Z

Link: CVE-2026-46268

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-06-03T18:16:28.473

Modified: 2026-06-09T19:48:34.533

Link: CVE-2026-46268

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46268 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:45:15Z

Weaknesses