CVE-2026-46150 - Vulnerability Details

- fanotify: fix false positive on permission events

Description

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events

fsnotify_get_mark_safe() may return false for a mark on an unrelated group,
which results in bypassing the permission check.

Fix by skipping over detached marks that are not in the current group.

Published: 2026-05-28

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s fanotify subsystem allows a mark to be incorrectly associated with the current group, causing the kernel to skip a permission check. An attacker who can create or modify fanotify marks may therefore access files or perform actions without the required authorities, effectively elevating privileges or bypassing intended access controls. Based on the description, it is inferred that the attack requires the ability to create or manipulate fanotify marks, a capability generally available only to local users with appropriate permissions.

Affected Systems

This vulnerability affects all versions of the Linux kernel that have not incorporated the patch fixing fsnotify_get_mark_safe() to skip detached marks. No specific release range is given, so any kernel with the unresolved flaw is potentially affected.

Risk and Exploitability

The flaw has a CVSS score of 7.1 and an EPSS of <1%, indicating moderate severity with a very low estimated exploitation likelihood. Because it is not listed in the CISA KEV catalog, no widespread exploitation has been documented. An attacker must have the ability to interact with the fanotify interface—generally a local or privileged user—to trigger the bypass. If exploited, the attacker can gain unauthorized access to protected resources on the affected system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< a24765332e129c1916d5a6615418b75599b8fcdc
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< 4a7611ad653785fcdea5ff5f4441e2b7d05b7f11
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< 04bb66be92f48ed13c3faf1139d892df228789bc
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< 895ebbedf88318607c24acc0f591c74b165e1d0a
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< f130790f1acc8399f32652846c875a251efd040f
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< 7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< b7b24b28c8cd55844cab908f4f39dded638d5538
`abc77577a669f424c5d0c185b9994f2621c52aa4`	affected	< 7746e3bd4cc19b5092e00d32d676e329bfcb6900

Linux

affected

Version	Status	Constraints
`4.12`	affected	—
`0`	unaffected	< 4.12
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[abc77577a669f424c5d0c185b9994f2621c52aa4,895ebbedf88318607c24acc0f591c74b165e1d0a)`	affected	code_commit	—
`[abc77577a669f424c5d0c185b9994f2621c52aa4,f130790f1acc8399f32652846c875a251efd040f)`	affected	code_commit	—
`[abc77577a669f424c5d0c185b9994f2621c52aa4,7baa02b0ae9d17ec5f08836d8ea88ce1927d0678)`	affected	code_commit	—
`[abc77577a669f424c5d0c185b9994f2621c52aa4,b7b24b28c8cd55844cab908f4f39dded638d5538)`	affected	code_commit	—
`[abc77577a669f424c5d0c185b9994f2621c52aa4,7746e3bd4cc19b5092e00d32d676e329bfcb6900)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.12`	affected	generic	—
`[0,4.12)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	semver	—
`[6.12.88,6.13.0)`	unaffected	semver	—
`[6.18.30,6.19.0)`	unaffected	semver	—
`[7.0.7,7.1.0)`	unaffected	semver	—
`[7.1-rc2,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a Linux kernel update that includes the fanotify fix, as referenced in the commit logs.
Restrict fanotify mark usage, ensuring marks are only added by trusted groups and to approved file paths.
Activate or tighten mandatory access control systems such as SELinux or AppArmor to enforce stricter permission checks on fanotify operations.

Generated by OpenCVE AI on June 9, 2026 at 22:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00142.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/04bb66be92f48ed13c3faf1139d892df228789bc
https://git.kernel.org/stable/c/4a7611ad653785fcdea5ff5f4441e2b7d05b7f11
https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900
https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a
https://git.kernel.org/stable/c/a24765332e129c1916d5a6615418b75599b8fcdc
https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538
https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f
https://lore.kernel.org/linux-cve-announce/2026052822-CVE-2026-46150-c96d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46150
https://www.cve.org/CVERecord?id=CVE-2026-46150

History

Tue, 09 Jun 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/04bb66be92f48ed13c3faf1139d892df228789bc https://git.kernel.org/stable/c/4a7611ad653785fcdea5ff5f4441e2b7d05b7f11 https://git.kernel.org/stable/c/a24765332e129c1916d5a6615418b75599b8fcdc

Sat, 30 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Fri, 29 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-280
References		https://lore.kernel.org/linux-cve-announce/2026052822-CVE-2026-46150-c96d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46150 https://www.cve.org/CVERecord?id=CVE-2026-46150
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group.
Title		fanotify: fix false positive on permission events
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900 https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678 https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538 https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:36:06.494Z

Updated: 2026-06-14T17:58:15.548Z

Reserved: 2026-05-13T15:03:33.101Z

Link: CVE-2026-46150

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:30.630

Modified: 2026-06-09T21:06:10.623

Link: CVE-2026-46150

Redhat

Severity : Important

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46150 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses

CWE-280
Improper Handling of Insufficient Permissions or Privileges
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object