CVE-2026-46107

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm-thin: fix metadata refcount underflow<br /> <br /> There&amp;#39;s a bug in dm-thin in the function rebalance_children. If the<br /> internal btree node has one entry, the code tries to copy all btree<br /> entries from the node&amp;#39;s child to the node itself and then decrement the<br /> child&amp;#39;s reference count.<br /> <br /> If the child node is shared (it has reference count &gt; 1), we won&amp;#39;t free<br /> it, so there would be two pointers to each of the grandchildren nodes.<br /> But the reference counts of the grandchildren is not increased, thus the<br /> reference count doesn&amp;#39;t match the number of pointers that point to the<br /> grandchildren. This results in "device mapper: space map common: unable<br /> to decrement block" errors.<br /> <br /> Fix this bug by incrementing reference counts on the grandchildren if the<br /> btree node is shared.