Race condition in Linux kernel - CVE-2026-46194
Published: May 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in the f2fs extent tree handling in __destroy_extent_node() and __update_extent_tree_range() when concurrent inode drop and writeback operations occur. A local user can trigger concurrent writeback during extent node destruction to cause a denial of service.
The issue can trigger f2fs_bug_on() because new extent nodes may be inserted into the same extent tree while extent nodes are being destroyed, and EX_BLOCK_AGE updates were left unprotected.
How to mitigate CVE-2026-46194
Sources
- https://git.kernel.org/stable/c/0559a0e962aacbb47519e26ee663be04b72dcb92
- https://git.kernel.org/stable/c/42dd1c91f993431d0b399502479d00e6ad1bca71
- https://git.kernel.org/stable/c/ab1eaf9d5c99042f5b0243bf67a06283a4c0757f
- https://git.kernel.org/stable/c/b0e4395870eb3441ddc959f6710b5f6ca61aff26
- https://git.kernel.org/stable/c/ed78aeebef05212ef7dca93bd931e4eff67c113f