PT-2026-43896 · Linux · Linux
Published: 2026-05-27 · Updated: 2026-05-27 · CVE-2026-46029
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

In the Linux kernel, the following vulnerability has been resolved:

mm/slab: return NULL early from kmalloc_nolock() in NMI on UP

On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that
unconditionally succeeds even when the lock is already held. As a
result, kmalloc_nolock() called from NMI context can re-enter the slab
allocator and acquire n->list_lock that the interrupted context is
already holding, corrupting slab state.

With CONFIG_DEBUG_SPINLOCK on UP, the following BUG is triggered with
the slub_kunit test module:

    BUG: spinlock trylock failure on UP on CPU#0, kunit_try_catch/243
    [...]
    Call Trace:
     dump_stack_lvl+0x3f/0x60
     do_raw_spin_trylock+0x41/0x50
     raw_spin_trylock+0x24/0x50
     get_from_partial_node+0x120/0x4d0
     slab_alloc+0x8a/0x4c0
     kmalloc_nolock_noprof+0x164/0x310
    [...]

Fix this by returning NULL early when invoked from NMI on a UP kernel.
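
The re-entrancy described above, reduced to a userspace model. This is an added example, not the kernel patch or any kernel code: every name in it (trylock, alloc_nolock, scenario, the flags) is hypothetical, and the two-step free-list pop is a constructed stand-in for the partial-list update that the interrupted context is in the middle of.

```c
/* Userspace model only; every name here is hypothetical, none is kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define NOBJ 4
struct obj  { struct obj *next; };
struct node { bool list_lock; struct obj *partial; };
static struct obj pool[NOBJ];   /* constructed sample objects */
static bool up_kernel;          /* stands in for !CONFIG_SMP */
static bool in_nmi_ctx;         /* stands in for "called from NMI" */
static bool early_return;       /* models the fix: bail out before locking */

static bool trylock(struct node *n)
{
    if (!up_kernel && n->list_lock)
        return false;           /* SMP: a held lock is actually detected */
    n->list_lock = true;        /* UP: nothing is tested, always "succeeds" */
    return true;
}

static struct obj *alloc_nolock(struct node *n)
{
    if (early_return && up_kernel && in_nmi_ctx)
        return NULL;            /* the early NULL return the advisory describes */
    if (!trylock(n))
        return NULL;
    struct obj *o = n->partial;
    if (o) n->partial = o->next;
    n->list_lock = false;       /* on UP this also drops the interrupted holder's lock */
    return o;
}

/* Returns true when the NMI and the interrupted context got the same object. */
static bool scenario(bool up, bool fixed)
{
    struct node n = { false, &pool[0] };
    up_kernel = up; early_return = fixed;
    for (int i = 0; i < NOBJ; i++)
        pool[i].next = (i + 1 < NOBJ) ? &pool[i + 1] : NULL;
    n.list_lock = true;                  /* interrupted context holds the lock */
    struct obj *mine = n.partial;        /* ...and has already read the list head */
    in_nmi_ctx = true;                   /* NMI arrives before the head is updated */
    struct obj *nmi = alloc_nolock(&n);
    in_nmi_ctx = false;
    n.partial = mine->next;              /* holder resumes with its stale view */
    n.list_lock = false;
    return nmi == mine;
}

int main(void) { printf("%d %d %d\n", scenario(true, false), scenario(true, true), scenario(false, false)); return 0; }
```

Only the UP case without the early return hands the same object to both contexts; with a real trylock (SMP) or with the early return, the NMI-side call gets NULL and the holder's update is left intact.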
Affected Products
Linux