Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: drop extent cache when splitting extent fails

When the split extent fails, we might leave some extents still being
processed and return an error directly, which will result in stale
extent entries remaining in the extent status tree. So drop all of the
remaining potentially stale extents if the splitting fails.
Published: 2026-05-27
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s ext4 filesystem lacks cleanup of stale extent entries when an extent split operation fails. Because the drop step is omitted, the extent status tree can retain invalid entries, causing the filesystem state to become inconsistent with the underlying block layout. This error handling failure falls under CWE‑459, reflecting inadequate cleanup.

Affected Systems

Any system running the Linux kernel with the ext4 implementation is potentially affected. The advisory does not specify a kernel version range, implying that any kernel compiled after the issue was identified may still contain the flaw until a patch is applied.

Risk and Exploitability

The CVSS score of 7.0 indicates high severity. The EPSS score is below 1%, reflecting a very low but nonzero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires local or privileged access to trigger an extent split failure, possibly through heavy I/O or malicious file operations. Although no public exploits are reported, an attacker that can induce the error condition could cause filesystem corruption or loss of data consistency.

Generated by OpenCVE AI on May 28, 2026 at 17:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the ext4 extent‑cache handling fix
  • Reboot the system so the patched kernel code is active and any stale entries in memory are cleared
  • After the update, run fsck on ext4 partitions to detect and repair any remaining inconsistencies

Advisories
Source: Debian DLA
ID: DLA-4606-1
Title: linux security update
History

Thu, 28 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
CWE-675

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-459
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 27 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
CWE-675

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent status tree. So drop all of the remaining potentially stale extents if the splitting fails.
Title ext4: drop extent cache when splitting extent fails
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-30T10:41:44.680Z

Reserved: 2026-05-13T15:03:33.083Z

Link: CVE-2026-45899

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:04.227

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45899

Redhat

Severity : Moderate

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45899 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T17:15:21Z

Weaknesses