CVE-2026-46054 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

selinux: fix overlayfs mmap() and mprotect() access checks

The existing SELinux security model for overlayfs is to allow access if
the current task is able to access the top level file (the "user" file)
and the mounter's credentials are sufficient to access the lower
level file (the "backing" file). Unfortunately, the current code does
not properly enforce these access controls for both mmap() and mprotect()
operations on overlayfs filesystems.

This patch makes use of the newly created security_mmap_backing_file()
LSM hook to provide the missing backing file enforcement for mmap()
operations, and leverages the backing file API and new LSM blob to
provide the necessary information to properly enforce the mprotect()
access controls.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability stems from missing SELinux enforcement on mmap() and mprotect() system calls for overlayfs filesystems, allowing an attacker to map or change the protection of files in a way that bypasses SELinux controls. This can enable a user with local access to read from or write to backing (lower‑level) files that they should not normally be able to, potentially leading to privilege escalation, unauthorized data exfiltration, or modification of protected files.

Affected Systems

All Linux kernel releases that support overlayfs and SELinux and have not applied the patch. The issue is not limited to a particular distribution and affects any kernel that implements overlayfs without the new security_mmap_backing_file hook.

Risk and Exploitability

The CVSS score is not provided and the EPSS score is unavailable, so precise severity calculations cannot be made, but the Trusted Access Control flaw (CWE-284) is a high‑impact weakness. The vulnerability can be exploited by a local attacker who can create or manipulate overlay mounts; remote exploitation would likely require additional privileges or a misconfigured mount. The flaw is not listed in CISA KEV, but due to its impact on SELinux enforcement it should be treated as serious for systems relying on SELinux to mediate file access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< cd0e707a927a70cdfd8bc5a512a9719a87f5ed51
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 82544d36b1729153c8aeb179e84750f0c085d3b1
`0`	affected	< 7.0.4

Linux

affected

Version	Status	Constraints
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to the latest version that includes the SELinux overlayfs patch and restart affected services.
Verify that the security_mmap_backing_file hook is active and that overlayfs files show correct SELinux labels with commands such as `ls -Z`
If overlayfs is not required for the workload, disable it or apply stricter mount options to mitigate potential misuse

Generated by OpenCVE AI on May 27, 2026 at 18:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1
https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51

History

Wed, 27 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the mounter's credentials are sufficient to access the lower level file (the "backing" file). Unfortunately, the current code does not properly enforce these access controls for both mmap() and mprotect() operations on overlayfs filesystems. This patch makes use of the newly created security_mmap_backing_file() LSM hook to provide the missing backing file enforcement for mmap() operations, and leverages the backing file API and new LSM blob to provide the necessary information to properly enforce the mprotect() access controls.
Title		selinux: fix overlayfs mmap() and mprotect() access checks
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1 https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:57:12.813Z

Updated: 2026-05-27T12:57:12.813Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46054

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:25.043

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46054

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:30:26Z

Weaknesses

CWE-284

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object