CVE-2026-45892

NONE EPSS 5.1%
Published May 27, 20261mo ago · Modified Jun 17, 20261w ago
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache after doing PARTIAL_VALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4_split_extent() with the EXT4_EXT_MAY_ZEROOUT and EXT4_EXT_DATA_VALID2 flags set, it could leave a stale unwritten extent. Assume we have an unwritten file and buffered write in the middle of it without dioread_nolock enabled, it will allocate blocks as written extent. 0 A B N [UUUUUUUUUUUU] on-disk extent U: unwritten extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDD--] D: valid data |<- ->| ----> this range needs to be initialized ext4_split_extent() first try to split this extent at B with EXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but ext4_split_extent_at() failed to split this extent due to temporary lack of space. It zeroout B to N and leave the entire extent as unwritten. 0 A B N [UUUUUUUUUUUU] on-disk extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDDZZ] Z: zeroed data ext4_split_extent() then try to split this extent at A with EXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and leave an written extent from A to N. 0 A B N [UUWWWWWWWWWW] on-disk extent W: written extent [UUUUUUUUUUUU] extent status tree [--DDDDDDDDZZ] Finally ext4_map_create_blocks() only insert extent A to B to the extent status tree, and leave an stale unwritten extent in the status tree. 0 A B N [UUWWWWWWWWWW] on-disk extent W: written extent [UUWWWWWWWWUU] extent status tree [--DDDDDDDDZZ] Fix this issue by always cached extent status entry after zeroing out the second part.

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 6

  • git.kernel.org https://git.kernel.org/stable/c/28db4bfc6f82fd20e2aadb7fc162244109a4eb31
  • git.kernel.org https://git.kernel.org/stable/c/6d882ea3b0931b43530d44149b79fcd4ffc13030
  • git.kernel.org https://git.kernel.org/stable/c/a1b962a821e7a52d48212ae269b45808b4411267
  • git.kernel.org https://git.kernel.org/stable/c/c2ee51d684adca7645e4aa74adca13f6750390bc
  • git.kernel.org https://git.kernel.org/stable/c/d8ee559fccdef713f058cfe5f2c03dc9b18be3b1
  • git.kernel.org https://git.kernel.org/stable/c/f0931a5c17005a0c4fc35bd1a001245effc3354b

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.