Description
In the Linux kernel, the following vulnerability has been resolved:

fs: afs: revert mmap_prepare() change

Partially reverts commit 9d5403b1036c ("fs: convert most other
generic_file_*mmap() users to .mmap_prepare()").

This is because the .mmap invocation establishes a refcount, but
.mmap_prepare is called at a point where a merge or an allocation failure
might happen after the call, which would leak the refcount increment.

Functionality is being added to permit the use of .mmap_prepare in this
case, but in the interim, we need to fix this.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel AFS subsystem contains a defect (CWE-911) where the ".mmap_prepare" callback may increment a reference count that is not decremented if a merge or allocation failure occurs following the call. This defect could result in a reference count leak affecting kernel objects.

Affected Systems

The defect is present in the Linux kernel source. All systems running a kernel that includes the buggy commit before the revert may be affected. No vendor‑specific version information is provided, so any Linux kernel that incorporates that commit is potentially vulnerable until the revert is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates a high-severity vulnerability with potential impact on system integrity and availability. The EPSS score of less than 1% suggests that the likelihood of active exploitation in the wild is quite low at present. Because the vulnerability is not listed in the CISA KEV catalog, no widespread active exploitation is known. The flaw originates from an improper use of the .mmap_prepare callback, which may result in a reference count leak that could lead to resource exhaustion over time if not addressed.

Generated by OpenCVE AI on May 30, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the revert of the problematic commit.
  • If an upgrade cannot be performed immediately, apply the revert commit manually to the kernel source or use a patched kernel build that disables the buggy behaviour.
  • Monitor kernel memory usage and related metrics for unexpected growth that could indicate a reference count leak.

Advisories

No advisories yet.

History

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 28 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-391

Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-391

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()"). This is because the .mmap invocation establishes a refcount, but .mmap_prepare is called at a point where a merge or an allocation failure might happen after the call, which would leak the refcount increment. Functionality is being added to permit the use of .mmap_prepare in this case, but in the interim, we need to fix this.
Title fs: afs: revert mmap_prepare() change
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:54:25.442Z

Reserved: 2026-05-13T15:03:33.097Z

Link: CVE-2026-46100

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:31.877

Modified: 2026-06-17T10:53:04.007

Link: CVE-2026-46100

Redhat

Severity :

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46100 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T13:30:24Z

Weaknesses
  • CWE-911

    Improper Update of Reference Count