CVE-2026-46100
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
fs: afs: revert mmap_prepare() change
Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()").
This is because the .mmap invocation establishes a refcount, but .mmap_prepare is called at a point where a merge or an allocation failure might happen after the call, which would leak the refcount increment.
Functionality is being added to permit the use of .mmap_prepare in this case, but in the interim, we need to fix this.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9d5403b1036cdcd4be0f9f5568612c0e60e73d79 < f51f85c044809fbd39ac8ae07ac99bc43ce32bd5 | affected |
| Linux | Linux | 9d5403b1036cdcd4be0f9f5568612c0e60e73d79 < 48c7a0eaeea41da17d1d84d2d7a4c40be122b246 | affected |
| Linux | Linux | 9d5403b1036cdcd4be0f9f5568612c0e60e73d79 < fbfc6578eaca12daa0c09df1e9ba7f2c657b49da | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.18.27 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.4 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/f51f85c044809fbd39ac8ae07ac99bc43ce32bd5
- https://git.kernel.org/stable/c/48c7a0eaeea41da17d1d84d2d7a4c40be122b246
- https://git.kernel.org/stable/c/fbfc6578eaca12daa0c09df1e9ba7f2c657b49da
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.