CVE-2026-46115

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> block: add pgmap check to biovec_phys_mergeable<br /> <br /> biovec_phys_mergeable() is used by the request merge, DMA mapping,<br /> and integrity merge paths to decide if two physically contiguous<br /> bvec segments can be coalesced into one. It currently has no check<br /> for whether the segments belong to different dev_pagemaps.<br /> <br /> When zone device memory is registered in multiple chunks, each chunk<br /> gets its own dev_pagemap. A single bio can legitimately contain<br /> bvecs from different pgmaps -- iov_iter_extract_bvecs() breaks at<br /> pgmap boundaries but the outer loop in bio_iov_iter_get_pages()<br /> continues filling the same bio. If such bvecs are physically<br /> contiguous, biovec_phys_mergeable() will coalesce them, making it<br /> impossible to recover the correct pgmap for the merged segment<br /> via page_pgmap().<br /> <br /> Add a zone_device_pages_have_same_pgmap() check to prevent merging<br /> bvec segments that span different pgmaps.