Description
In the Linux kernel, the following vulnerability has been resolved:

fat: avoid parent link count underflow in rmdir

Corrupted FAT images can leave a directory inode with an incorrect
i_nlink (e.g. 2 even though subdirectories exist). rmdir then
unconditionally calls drop_nlink(dir) and can drive i_nlink to 0,
triggering the WARN_ON in drop_nlink().

Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the
parent link count when it is at least 3, otherwise report a filesystem
error.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In this vulnerability, a corrupted FAT file system can leave a directory inode whose link count (i_nlink) is incorrect. When the kernel’s rmdir path unconditionally decrements this link count, it can underflow to zero, triggering a WARN_ON in drop_nlink(). This incorrect update can lead to a kernel warning or crash, effectively causing denial of service on systems using that file system. The flaw is a kernel bug that does not provide remote code execution but can compromise availability if the attacker can influence the deletion of directories on corrupted FAT volumes.

Affected Systems

The Linux kernel is affected, specifically the FAT filesystem support in the vfat and msdos drivers. All releases of the Linux kernel that compile these drivers without the patch are vulnerable. No specific version numbers are provided, so any kernel version using the unpatched vfat/msdos code is at risk.

Risk and Exploitability

The vulnerability is local by nature; an attacker would need to mount a corrupted FAT image or otherwise cause the system to remove a directory on such a filesystem. With the EPSS score unavailable, the exploitation probability appears low but not negligible. The CVSS score is unspecified, and the issue is not listed in the CISA KEV catalog, indicating it is not currently a known exploited vulnerability. Nevertheless, the potential for a kernel crash or denial of service warrants timely attention.

Generated by OpenCVE AI on May 27, 2026 at 16:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patched Linux kernel that includes the vfat_rmdir/m_sdos_rmdir fix.
  • Avoid performing delete operations on FAT volumes that may be corrupted, and use fsck -f or reformat the filesystem to correct i_nlink issues before use.
  • Monitor kernel logs for WARN_ON messages related to drop_nlink() and enforce quarantine of potentially corrupted FAT volumes if such warnings are observed.

Generated by OpenCVE AI on May 27, 2026 at 16:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-191

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink(). Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.
Title fat: avoid parent link count underflow in rmdir
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:17:30.699Z

Reserved: 2026-05-13T15:03:33.085Z

Link: CVE-2026-45915

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:06.320

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45915

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T18:45:39Z

Weaknesses