Improper control of a resource through its lifetime in Linux kernel - CVE-2026-46175
Published: May 29, 2026
Vulnerability identifier: #VU133011
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46175
CWE-ID: CWE-664
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause file system inconsistency.
The vulnerability exists due to improper state management in f2fs node block migration when performing foreground garbage collection of node blocks. A local user can trigger node block migration and subsequent file system checking to cause file system inconsistency.
The issue occurs because dentry and fsync marks are not cleared during foreground garbage collection, which can cause fsck to misinterpret migrated node blocks as fsync-written data.
How to mitigate CVE-2026-46175
Install security update from vendor's repository.