CVE-2026-46046 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() The commit c8e008b60492 ("ext4: ignore xattrs past end") introduced a refcount leak in when block_csum is false. ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to get iloc.bh, but never releases it with brelse().

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/097227f1ffe1a85bc3c359f81c71e3d40e06e920
https://git.kernel.org/stable/c/1bc1107a3a403a6d440673ed6666f7b07ef868a8
https://git.kernel.org/stable/c/1e6b0a69bf2c9c819255c7566e4355536d81d9cf
https://git.kernel.org/stable/c/77d059519382bd66283e6a4e83ee186e87e7708f
https://git.kernel.org/stable/c/f072906688933bf47fabbaf63560be03357c8298

History

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() The commit c8e008b60492 ("ext4: ignore xattrs past end") introduced a refcount leak in when block_csum is false. ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to get iloc.bh, but never releases it with brelse().
Title		ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/097227f1ffe1a85bc3c359f81c71e3d40e06e920 https://git.kernel.org/stable/c/1bc1107a3a403a6d440673ed6666f7b07ef868a8 https://git.kernel.org/stable/c/1e6b0a69bf2c9c819255c7566e4355536d81d9cf https://git.kernel.org/stable/c/77d059519382bd66283e6a4e83ee186e87e7708f https://git.kernel.org/stable/c/f072906688933bf47fabbaf63560be03357c8298

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:57:02.610Z

Updated: 2026-05-27T12:57:02.610Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46046

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:24.083

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46046

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46046", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.094Z", "datePublished": "2026-05-27T12:57:02.610Z", "dateUpdated": "2026-05-27T12:57:02.610Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:57:02.610Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()\n\nThe commit c8e008b60492 (\"ext4: ignore xattrs past end\")\nintroduced a refcount leak in when block_csum is false.\n\next4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to\nget iloc.bh, but never releases it with brelse()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/xattr.c"], "versions": [{"version": "362a90cecd36e8a5c415966d0b75b04a0270e4dd", "lessThan": "1bc1107a3a403a6d440673ed6666f7b07ef868a8", "status": "affected", "versionType": "git"}, {"version": "eb59cc31b6ea076021d14b04e7faab1636b87d0e", "lessThan": "097227f1ffe1a85bc3c359f81c71e3d40e06e920", "status": "affected", "versionType": "git"}, {"version": "c8e008b60492cf6fd31ef127aea6d02fd3d314cd", "lessThan": "1e6b0a69bf2c9c819255c7566e4355536d81d9cf", "status": "affected", "versionType": "git"}, {"version": "c8e008b60492cf6fd31ef127aea6d02fd3d314cd", "lessThan": "f072906688933bf47fabbaf63560be03357c8298", "status": "affected", "versionType": "git"}, {"version": "c8e008b60492cf6fd31ef127aea6d02fd3d314cd", "lessThan": "77d059519382bd66283e6a4e83ee186e87e7708f", "status": "affected", "versionType": "git"}, {"version": "6aff941cb0f7d0c897c3698ad2e30672709135e3", "status": "affected", "versionType": "git"}, {"version": "76c365fa7e2a8bb85f0190cdb4b8cdc99b2fdce3", "status": "affected", "versionType": "git"}, {"version": "f737418b6de31c962c7192777ee4018906975383", "status": "affected", "versionType": "git"}, {"version": "cf9291a3449b04688b81e32621e88de8f4314b54", "status": "affected", "versionType": "git"}, {"version": "3bc6317033f365ce578eb6039445fb66162722fd", "status": "affected", "versionType": "git"}, {"version": "836e625b03a666cf93ff5be328c8cb30336db872", "status": "affected", "versionType": "git"}, {"version": "6.6.88", "lessThan": "6.6.140", "status": "affected", "versionType": "semver"}, {"version": "6.12.24", "lessThan": "6.12.86", "status": "affected", "versionType": "semver"}, {"version": "5.4.293", "lessThan": "5.5", "status": "affected", "versionType": "semver"}, {"version": "5.10.237", "lessThan": "5.11", "status": "affected", "versionType": "semver"}, {"version": "5.15.181", "lessThan": "5.16", "status": "affected", "versionType": "semver"}, {"version": "6.1.135", "lessThan": "6.2", "status": "affected", "versionType": "semver"}, {"version": "6.13.12", "lessThan": "6.14", "status": "affected", "versionType": "semver"}, {"version": "6.14.3", "lessThan": "6.15", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/xattr.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.140", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.86", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.88", "versionEndExcluding": "6.6.140"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12.24", "versionEndExcluding": "6.12.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.1-rc1"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.293"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.237"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.181"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.135"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.14.3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1bc1107a3a403a6d440673ed6666f7b07ef868a8"}, {"url": "https://git.kernel.org/stable/c/097227f1ffe1a85bc3c359f81c71e3d40e06e920"}, {"url": "https://git.kernel.org/stable/c/1e6b0a69bf2c9c819255c7566e4355536d81d9cf"}, {"url": "https://git.kernel.org/stable/c/f072906688933bf47fabbaf63560be03357c8298"}, {"url": "https://git.kernel.org/stable/c/77d059519382bd66283e6a4e83ee186e87e7708f"}], "title": "ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()", "x_generator": {"engine": "bippy-1.2.0"}}}}