{"id":"CVE-2026-46281","summary":"vmalloc: fix buffer overflow in vrealloc_node_align()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmalloc: fix buffer overflow in vrealloc_node_align()\n\nCommit 4c5d3365882d (\"mm/vmalloc: allow to set node and align in\nvrealloc\") added the ability to force a new allocation if the current\npointer is on the wrong NUMA node, or if an alignment constraint is not\nmet, even if the user is shrinking the allocation.\n\nOn this path (need_realloc), the code allocates a new object of 'size'\nbytes and then memcpy()s 'old_size' bytes into it.  If the request is to\nshrink the object (size \u003c old_size), this results in an out-of-bounds\nwrite on the new buffer.\n\nFix this by bounding the copy length by the new allocation size.","modified":"2026-06-18T03:56:13.078358331Z","published":"2026-06-08T15:41:24.168Z","related":["openSUSE-SU-2026:11014-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46281.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/82d1f01292d3f09bf063f829f8ab8de12b4280a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b281adf71f786c325eb6d6d1582d4d05313438a8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9b057a44deff4c59c13f44672a5cc74dcd57522"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46281.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46281"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4c5d3365882dbbc0784688784904f440d7a4c0f1"},{"fixed":"e9b057a44deff4c59c13f44672a5cc74dcd57522"},{"fixed":"b281adf71f786c325eb6d6d1582d4d05313438a8"},{"fixed":"82d1f01292d3f09bf063f829f8ab8de12b4280a1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46281.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46281.json"}}],"schema_version":"1.7.5"}