Main Vulnerability Database Vulnerabilities #VU132429

Improper access control in Linux kernel - CVE-2026-46054

Published: May 28, 2026

Vulnerability identifier: #VU132429

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-46054

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to bypass SELinux access controls.

The vulnerability exists due to improper access control in SELinux overlayfs mmap() and mprotect() access checks when handling mmap() and mprotect() operations on overlayfs filesystems. A local user can map or change protections on an overlayfs file to bypass SELinux access controls.

How to mitigate CVE-2026-46054

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1
https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51

Improper access control in Linux kernel - CVE-2026-46054

Detailed vulnerability description

How to mitigate CVE-2026-46054

Sources

Please verify you're human