CVE-2026-46100

Sažetak

In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()"). This is because the .mmap invocation establishes a refcount, but .mmap_prepare is called at a point where a merge or an allocation failure might happen after the call, which would leak the refcount increment. Functionality is being added to permit the use of .mmap_prepare in this case, but in the interim, we need to fix this.

Reference

https://git.kernel.org/stable/c/48c7a0eaeea41da17d1d84d2d7a4c40be122b246
https://git.kernel.org/stable/c/f51f85c044809fbd39ac8ae07ac99bc43ce32bd5
https://git.kernel.org/stable/c/fbfc6578eaca12daa0c09df1e9ba7f2c657b49da

CVSS

Base:	7.8
Impact:	5.9
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

30-05-2026 - 11:17

Objavljeno

27-05-2026 - 14:17