Resource exhaustion in Linux kernel - CVE-2026-46080
Published: May 27, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the ocfs2 direct I/O write completion handling. A local user can trigger direct I/O operations that exhaust journal transaction credits, causing a denial of service.
A crash during extent tree updates may leave stale blocks beyond EOF.
How to mitigate CVE-2026-46080
Sources
- https://git.kernel.org/stable/c/069c3fb310e9336cf48cfdf8748a32c29fd0193d
- https://git.kernel.org/stable/c/3c636a3edca9c3f180b3079f94fe7e115730d9c6
- https://git.kernel.org/stable/c/886f97fa59d0bbfa9859fb1a66dd9e014b522d89
- https://git.kernel.org/stable/c/d647c5b2fbf81560818dacade360abc8c00a9665
- https://git.kernel.org/stable/c/ea5bb1d20da756e4f41a48dad42b2e7d6e73f71e