CVE-2026-6386

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the kernel's handling of protection keys for address ranges. The subroutine responsible for updating page table entries fails to account for 1GB largepage mappings created via the shm create largepage(3) interface, incorrectly treating page directory page entries as pointers to other page table pages. An unprivileged user can exploit this by causing the pmap pkru update range() function to treat userspace memory as a page table page, allowing the overwrite of memory that should otherwise be inaccessible. This issue is under active exploitation and can lead to unauthorized access and data breaches.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.