Description
In the Linux kernel, the following vulnerability has been resolved:

ocfs2: split transactions in dio completion to avoid credit exhaustion

During ocfs2 dio operations, JBD2 may report warnings via following
call trace:
    ocfs2_dio_end_io_write
    ocfs2_mark_extent_written
    ocfs2_change_extent_flag
    ocfs2_split_extent
    ocfs2_try_to_merge_extent
    ocfs2_extend_rotate_transaction
    ocfs2_extend_trans
    jbd2__journal_restart
    start_this_handle
output: JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449

To prevent exceeding the credits limit, modify ocfs2_dio_end_io_write() to
handle extents in a batch of transaction.

Additionally, relocate ocfs2_del_inode_from_orphan(). The orphan inode
should only be removed from the orphan list after the extent tree update
is complete. This ensures that if a crash occurs in the middle of extent
tree updates, we won't leave stale blocks beyond EOF.

This patch also changes the logic for updating the inode size and removing
orphan, making it similar to ext4_dio_write_end_io(). Both operations are
performed only when everything looks good.

Finally, thanks to Jans and Joseph for providing the bug fix prototype and
suggestions.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During ocfs2 direct I/O (dio) write operations, the Linux kernel's journaling subsystem (JBD2) may attempt to acquire more transaction credits than the maximum allowed, triggering warnings such as "kworker wants too many credits" and potentially causing kernel panics or data corruption. The described patch handles extents in batches of transactions and defers orphan inode removal until extent tree updates finish, which prevents over-crediting and avoids leaving stale blocks beyond end-of-file if a crash occurs mid-update. The result is a high-impact vulnerability that can lead to service disruption and loss of data integrity if an attacker or misconfigured workload forces excessive journal activity.

Affected Systems

All Linux kernel releases that include the ocfs2 filesystem before the official patch. The affected code paths are in ocfs2_dio_end_io_write, ocfs2_change_extent_flag, ocfs2_split_extent, and related journaling functions. No specific kernel version range is listed, but any kernel bundled with ocfs2 is potentially vulnerable until the fix is applied.

Risk and Exploitability

The CVSS score is not disclosed and the EPSS score is unavailable, so the quantitative risk is unknown. It is inferred that exploitation requires local or elevated privileges that allow heavy ocfs2 I/O to trigger the credit exhaustion logic. The vulnerability is not currently listed in the CISA KEV catalog, suggesting no widespread known exploitation yet. Nevertheless, the failure mode could produce a denial of service or data corruption, making it a high priority for mitigation. Based on the description, the likely attack vector is through sustained ocfs2 read/write workloads that provoke journal overcommitment.

Generated by OpenCVE AI on May 28, 2026 at 02:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the ocfs2 patch for splitting transaction credits and safe orphan inode removal.
  • After upgrading, ensure that the system logs no longer contain "JBD2: kworker … wants too many credits" warnings during ocfs2 activity.
  • If an immediate kernel update is not possible, monitor ocfs2 devices for excessive journal credit warnings and consider temporarily reducing I/O load or switching to a different filesystem until the patch can be applied.
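
The log check from the recommendations above, as an added example (not OpenCVE's or the kernel project's code): it parses the warning format quoted in the description from `dmesg` or journal output piped on stdin. The sample timestamps, hostname and second warning are constructed.

```python
import re
import sys
from typing import Iterable, List, NamedTuple

# Format taken from the warning quoted in the CVE description:
#   JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449
# The message names the task, not the filesystem (JBD2 is shared with ext4),
# so hits still need correlating with ocfs2 mounts on the host.
JBD2_CREDIT_RE = re.compile(
    r"JBD2: (?P<task>.+?) wants too many credits "
    r"credits:(?P<credits>\d+) rsv_credits:(?P<rsv>\d+) max:(?P<max>\d+)"
)

class CreditWarning(NamedTuple):
    task: str
    credits: int
    rsv_credits: int
    max_credits: int

    @property
    def over_by(self) -> int:
        """Requested credits minus the maximum reported in the same message."""
        return self.credits - self.max_credits

def scan_kernel_log(lines: Iterable[str]) -> List[CreditWarning]:
    """Return one record per JBD2 credit warning; log prefixes are ignored."""
    hits = []
    for line in lines:
        m = JBD2_CREDIT_RE.search(line)
        if m:
            hits.append(CreditWarning(m["task"], int(m["credits"]),
                                      int(m["rsv"]), int(m["max"])))
    return hits

# Constructed sample: the first message is the one quoted on this page; the
# timestamps, hostname and second warning are made up for illustration.
SAMPLE_LOG = [
    "[  812.101200] JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449",
    "[  900.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd",
    "May 28 02:11:09 node1 kernel: JBD2: kworker/3:1 wants too many credits credits:6012 rsv_credits:0 max:5449",
]

if __name__ == "__main__":
    source = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin
    found = scan_kernel_log(source)
    for w in found:
        print(f"{w.task}: credits={w.credits} max={w.max_credits} over_by={w.over_by}")
    sys.exit(1 if found else 0)  # non-zero exit: warnings still present
```

The non-zero exit status makes the script usable as a post-upgrade check in a monitoring job.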



Advisories

No advisories yet.

History

Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 20:30:00 +0000

Type: Weaknesses
Values Added: CWE-400

Wed, 27 May 2026 14:15:00 +0000

Values Added:
Description: In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2_dio_end_io_write ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_split_extent ocfs2_try_to_merge_extent ocfs2_extend_rotate_transaction ocfs2_extend_trans jbd2__journal_restart start_this_handle output: JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449 To prevent exceeding the credits limit, modify ocfs2_dio_end_io_write() to handle extents in a batch of transaction. Additionally, relocate ocfs2_del_inode_from_orphan(). The orphan inode should only be removed from the orphan list after the extent tree update is complete. This ensures that if a crash occurs in the middle of extent tree updates, we won't leave stale blocks beyond EOF. This patch also changes the logic for updating the inode size and removing orphan, making it similar to ext4_dio_write_end_io(). Both operations are performed only when everything looks good. Finally, thanks to Jans and Joseph for providing the bug fix prototype and suggestions.
Title: ocfs2: split transactions in dio completion to avoid credit exhaustion
First Time appeared: Linux; Linux linux Kernel
CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:58:17.103Z

Reserved: 2026-05-13T15:03:33.096Z

Link: CVE-2026-46080

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:29.397

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46080

Redhat

Severity:

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46080 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T07:00:13Z

Weaknesses