CVE-2026-46046 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() The commit c8e008b60492 ("ext4: ignore xattrs past end") introduced a refcount leak in when block_csum is false. ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to get iloc.bh, but never releases it with brelse().

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-06-01 | Assigner Linux

Product status

Default status

unaffected

76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3 (git) before dd98a5603a212ea9c96c6982ccdbcc748fdb9a56

affected

f737418b6de31c962c7192777ee4018906975383 (git) before 153ab2c52355fbebcae622db8e7b506492c73a29

affected

cf9291a3449b04688b81e32621e88de8f4314b54 (git) before b706d00206a9e82362a9633efbd8b5775650169b

affected

362a90cecd36e8a5c415966d0b75b04a0270e4dd (git) before 1bc1107a3a403a6d440673ed6666f7b07ef868a8

affected

eb59cc31b6ea076021d14b04e7faab1636b87d0e (git) before 097227f1ffe1a85bc3c359f81c71e3d40e06e920

affected

c8e008b60492cf6fd31ef127aea6d02fd3d314cd (git) before 1e6b0a69bf2c9c819255c7566e4355536d81d9cf

affected

c8e008b60492cf6fd31ef127aea6d02fd3d314cd (git) before f072906688933bf47fabbaf63560be03357c8298

affected

c8e008b60492cf6fd31ef127aea6d02fd3d314cd (git) before 77d059519382bd66283e6a4e83ee186e87e7708f

affected

6aff941cb0f7d0c897c3698ad2e30672709135e3 (git)

affected

3bc6317033f365ce578eb6039445fb66162722fd (git)

affected

836e625b03a666cf93ff5be328c8cb30336db872 (git)

affected

5.10.237 (semver) before 5.10.258

affected

5.15.181 (semver) before 5.15.209

affected

6.1.135 (semver) before 6.1.175

affected

6.6.88 (semver) before 6.6.140

affected

6.12.24 (semver) before 6.12.86

affected

5.4.293 (semver) before 5.5

affected

6.13.12 (semver) before 6.14

affected

6.14.3 (semver) before 6.15

affected

Default status

affected

6.15

affected

Any version before 6.15

unaffected

5.10.258 (semver)

unaffected

5.15.209 (semver)

unaffected

6.1.175 (semver)

unaffected

6.6.140 (semver)

unaffected

6.12.86 (semver)

unaffected

6.18.27 (semver)

unaffected

7.0.4 (semver)

unaffected

7.1-rc1 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/dd98a5603a212ea9c96c6982ccdbcc748fdb9a56

git.kernel.org/...c/153ab2c52355fbebcae622db8e7b506492c73a29

git.kernel.org/...c/b706d00206a9e82362a9633efbd8b5775650169b

git.kernel.org/...c/1bc1107a3a403a6d440673ed6666f7b07ef868a8

git.kernel.org/...c/097227f1ffe1a85bc3c359f81c71e3d40e06e920

git.kernel.org/...c/1e6b0a69bf2c9c819255c7566e4355536d81d9cf

git.kernel.org/...c/f072906688933bf47fabbaf63560be03357c8298

git.kernel.org/...c/77d059519382bd66283e6a4e83ee186e87e7708f

cve.org (CVE-2026-46046)

nvd.nist.gov (CVE-2026-46046)

Download JSON