CVE-2026-23375
Description
In the Linux kernel, the following vulnerability has been resolved:
mm: thp: deny THP for files on anonymous inodes
file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. guest_memfd and secretmem). These files are created via alloc_file_pseudo(), which does not call get_write_access() and leaves inode->i_writecount at 0. Combined with S_ISREG(inode->i_mode) being true, they appear as read-only regular files when CONFIG_READ_ONLY_THP_FOR_FS is enabled, making them eligible for THP collapse.
Anonymous inodes can never pass the inode_is_open_for_write() check since their i_writecount is never incremented through the normal VFS open path. The right thing to do is to exclude them from THP eligibility altogether, since CONFIG_READ_ONLY_THP_FOR_FS was designed for real filesystem files (e.g. shared libraries), not for pseudo-filesystem inodes.
For guest_memfd, this allows khugepaged and MADV_COLLAPSE to create large folios in the page cache via the collapse path, but the guest_memfd fault handler does not support large folios. This triggers WARN_ON_ONCE(folio_test_large(folio)) in kvm_gmem_fault_user_mapping().
For secretmem, collapse_file() tries to copy page contents through the direct map, but secretmem pages are removed from the direct map. This can result in a kernel crash:
BUG: unable to handle page fault for address: ffff88810284d000 RIP: 0010:memcpy_orig+0x16/0x130 Call Trace: collapse_file hpage_collapse_scan_file madvise_collapse
Secretmem is not affected by the crash on upstream as the memory failure recovery handles the failed copy gracefully, but it still triggers confusing false memory failure reports:
Memory failure: 0x106d96f: recovery action for clean unevictable LRU page: Recovered
Check IS_ANON_FILE(inode) in file_thp_enabled() to deny THP for all anonymous inode files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
86cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.8.1,<6.12.78
- cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
- osv-coords76 versionspkg:linux/kernelpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rv
>= 6.8.0, < 6.12.78+ 75 more
- (no CPE)range: >= 6.8.0, < 6.12.78
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
- (no CPE)range: < 6.12.0-211.18.1.el10_2
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.