CVE-2026-46046
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()<br />
<br />
The commit c8e008b60492 ("ext4: ignore xattrs past end")<br />
introduced a refcount leak in when block_csum is false.<br />
<br />
ext4_xattr_inode_dec_ref_all() calls ext4_get_inode_loc() to<br />
get iloc.bh, but never releases it with brelse().
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.4.293 (including) | 5.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.237 (including) | 5.10.258 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.181 (including) | 5.15.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.135 (including) | 6.1.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.88 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.24 (including) | 6.12.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13.12 (including) | 6.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.14.3 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/097227f1ffe1a85bc3c359f81c71e3d40e06e920
- https://git.kernel.org/stable/c/153ab2c52355fbebcae622db8e7b506492c73a29
- https://git.kernel.org/stable/c/1bc1107a3a403a6d440673ed6666f7b07ef868a8
- https://git.kernel.org/stable/c/1e6b0a69bf2c9c819255c7566e4355536d81d9cf
- https://git.kernel.org/stable/c/77d059519382bd66283e6a4e83ee186e87e7708f
- https://git.kernel.org/stable/c/b706d00206a9e82362a9633efbd8b5775650169b
- https://git.kernel.org/stable/c/dd98a5603a212ea9c96c6982ccdbcc748fdb9a56
- https://git.kernel.org/stable/c/f072906688933bf47fabbaf63560be03357c8298



