CVE-2026-46100 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

fs: afs: revert mmap_prepare() change

Partially reverts commit 9d5403b1036c ("fs: convert most other
generic_file_*mmap() users to .mmap_prepare()").

This is because the .mmap invocation establishes a refcount, but
.mmap_prepare is called at a point where a merge or an allocation failure
might happen after the call, which would leak the refcount increment.

Functionality is being added to permit the use of .mmap_prepare in this
case, but in the interim, we need to fix this.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel contained a regression where the .mmap_prepare() routine could leave a reference count increment unreleased. The commit that reoriented generic_file_*mmap() calls back to .mmap_prepare() was partially reverted to avoid a situation where a merge or allocation failure might happen after the call, leading to a refcount leak. The resulting leak could, over time, consume kernel resources and potentially cause a denial‑of‑service scenario if unchecked. This weakness maps to the classic memory‑leak category.

Affected Systems

Systems running the Linux kernel are impacted, regardless of distribution, as the issue resides in core kernel source. No specific version range is supplied, so any kernel that applied the commit in question before the series of patches including this revert may be vulnerable.

Risk and Exploitability

With no published CVSS or EPSS score and no KEV listing, the exact risk remains undefined. The developers identified a refcount leak that could lead to resource exhaustion; however, no public exploit evidence is known. The absence of EPSS data does not confirm low exploitation probability, but recent kernel fixes suggest it is likely mitigated in newer releases. Until the fix is applied, administrators should treat the possibility of a denial‑of‑service vector as a concern.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`9d5403b1036cdcd4be0f9f5568612c0e60e73d79`	affected	< f51f85c044809fbd39ac8ae07ac99bc43ce32bd5
`9d5403b1036cdcd4be0f9f5568612c0e60e73d79`	affected	< 48c7a0eaeea41da17d1d84d2d7a4c40be122b246
`9d5403b1036cdcd4be0f9f5568612c0e60e73d79`	affected	< fbfc6578eaca12daa0c09df1e9ba7f2c657b49da

Linux

affected

Version	Status	Constraints
`6.17`	affected	—
`0`	unaffected	< 6.17
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a Linux kernel version that includes the revert of the problematic commit or a later revision where the refcount leak is fixed.
If immediate upgrade is not possible, disable or restrict unprivileged use of mmap for AFS file systems or enforce stricter access controls on kernel functions that use .mmap_prepare().
Monitor kernel memory usage and refcount metrics for abnormal growth, and apply additional kernel patches or reverts if necessary.

Generated by OpenCVE AI on May 27, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/48c7a0eaeea41da17d1d84d2d7a4c40be122b246
https://git.kernel.org/stable/c/f51f85c044809fbd39ac8ae07ac99bc43ce32bd5
https://git.kernel.org/stable/c/fbfc6578eaca12daa0c09df1e9ba7f2c657b49da

History

Wed, 27 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-391

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()"). This is because the .mmap invocation establishes a refcount, but .mmap_prepare is called at a point where a merge or an allocation failure might happen after the call, which would leak the refcount increment. Functionality is being added to permit the use of .mmap_prepare in this case, but in the interim, we need to fix this.
Title		fs: afs: revert mmap_prepare() change
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/48c7a0eaeea41da17d1d84d2d7a4c40be122b246 https://git.kernel.org/stable/c/f51f85c044809fbd39ac8ae07ac99bc43ce32bd5 https://git.kernel.org/stable/c/fbfc6578eaca12daa0c09df1e9ba7f2c657b49da

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:59:06.853Z

Updated: 2026-05-27T12:59:06.853Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46100

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:31.877

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46100

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T21:30:34Z

Weaknesses

CWE-391

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object