CVE-2026-45912 (GCVE-0-2026-45912)
Vulnerability from cvelistv5
Published
2026-05-27 12:17
Modified
2026-05-30 10:41
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: don't cache extent during splitting extent
Caching extents during the splitting process is risky, as it may result
in stale extents remaining in the status tree. Moreover, in most cases,
the corresponding extent block entries are likely already cached before
the split happens, making caching here not particularly useful.
Assume we have an unwritten extent, and then DIO writes the first half.
[UUUUUUUUUUUUUUUU] on-disk extent U: unwritten extent
[UUUUUUUUUUUUUUUU] extent status tree
|<- ->| ----> dio write this range
First, when ext4_split_extent_at() splits this extent, it truncates the
existing extent and then inserts a new one. During this process, this
extent status entry may be shrunk, and calls to ext4_find_extent() and
ext4_cache_extents() may occur, which could potentially insert the
truncated range as a hole into the extent status tree. After the split
is completed, this hole is not replaced with the correct status.
[UUUUUUU|UUUUUUUU] on-disk extent U: unwritten extent
[UUUUUUU|HHHHHHHH] extent status tree H: hole
Then, the outer calling functions will not correct this remaining hole
extent either. Finally, if we perform a delayed buffer write on this
latter part, it will re-insert the delayed extent and cause an error in
space accounting.
In adition, if the unwritten extent cache is not shrunk during the
splitting, ext4_cache_extents() also conflicts with existing extents
when caching extents. In the future, we will add checks when caching
extents, which will trigger a warning. Therefore, Do not cache extents
that are being split.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 Version: 107a7bd31ac003e42c0f966aa8e5b26947de6024 |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8302b5b4aacdbb378f7b1216bb2ee782b5142415",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "692103feca376ae4298c92aa8828015d20f1d87b",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "4c2d9dac4d328244f9365b0a1fa27ec802821820",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "93b2ebbbcb2e63cfc21a1946dfe91d3aa7952036",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "96007fd3c106aea773c1afae2d6f64cceb6da208",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "5b1f4290453314e11cd8e15c7baa8a9b76c19b23",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "9a2b95cdaf07785e2739199037bd9c0863ccc1be",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
},
{
"lessThan": "8b4b19a2f96348d70bfa306ef7d4a13b0bcbea79",
"status": "affected",
"version": "107a7bd31ac003e42c0f966aa8e5b26947de6024",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/extents.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.252",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.202",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.165",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.128",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.14",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.4",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: don\u0027t cache extent during splitting extent\n\nCaching extents during the splitting process is risky, as it may result\nin stale extents remaining in the status tree. Moreover, in most cases,\nthe corresponding extent block entries are likely already cached before\nthe split happens, making caching here not particularly useful.\n\nAssume we have an unwritten extent, and then DIO writes the first half.\n\n [UUUUUUUUUUUUUUUU] on-disk extent U: unwritten extent\n [UUUUUUUUUUUUUUUU] extent status tree\n |\u003c- -\u003e| ----\u003e dio write this range\n\nFirst, when ext4_split_extent_at() splits this extent, it truncates the\nexisting extent and then inserts a new one. During this process, this\nextent status entry may be shrunk, and calls to ext4_find_extent() and\next4_cache_extents() may occur, which could potentially insert the\ntruncated range as a hole into the extent status tree. After the split\nis completed, this hole is not replaced with the correct status.\n\n [UUUUUUU|UUUUUUUU] on-disk extent U: unwritten extent\n [UUUUUUU|HHHHHHHH] extent status tree H: hole\n\nThen, the outer calling functions will not correct this remaining hole\nextent either. Finally, if we perform a delayed buffer write on this\nlatter part, it will re-insert the delayed extent and cause an error in\nspace accounting.\n\nIn adition, if the unwritten extent cache is not shrunk during the\nsplitting, ext4_cache_extents() also conflicts with existing extents\nwhen caching extents. In the future, we will add checks when caching\nextents, which will trigger a warning. Therefore, Do not cache extents\nthat are being split."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T10:41:46.666Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8302b5b4aacdbb378f7b1216bb2ee782b5142415"
},
{
"url": "https://git.kernel.org/stable/c/692103feca376ae4298c92aa8828015d20f1d87b"
},
{
"url": "https://git.kernel.org/stable/c/4c2d9dac4d328244f9365b0a1fa27ec802821820"
},
{
"url": "https://git.kernel.org/stable/c/93b2ebbbcb2e63cfc21a1946dfe91d3aa7952036"
},
{
"url": "https://git.kernel.org/stable/c/96007fd3c106aea773c1afae2d6f64cceb6da208"
},
{
"url": "https://git.kernel.org/stable/c/5b1f4290453314e11cd8e15c7baa8a9b76c19b23"
},
{
"url": "https://git.kernel.org/stable/c/9a2b95cdaf07785e2739199037bd9c0863ccc1be"
},
{
"url": "https://git.kernel.org/stable/c/8b4b19a2f96348d70bfa306ef7d4a13b0bcbea79"
}
],
"title": "ext4: don\u0027t cache extent during splitting extent",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-45912",
"datePublished": "2026-05-27T12:17:27.805Z",
"dateReserved": "2026-05-13T15:03:33.085Z",
"dateUpdated": "2026-05-30T10:41:46.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…