CVE-2026-45858
Awaiting Analysis - Queue
Integer Overflow in Linux Kernel ext4 Filesystem

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1

When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten extent during end I/O and converting it to initialized, there is currently a potential issue of stale data if the extent needs to be split in the middle.

    0  A      B  N
    [UUUUUUUUUUUU]    U: unwritten extent
    [--DDDDDDDD--]    D: valid data
       |<-  ->| ----> this range needs to be initialized

ext4_split_extent() first tries to split this extent at B with the EXT4_EXT_DATA_ENTIRE_VALID1 and EXT4_EXT_MAY_ZEROOUT flags set, but ext4_split_extent_at() fails to split this extent due to a temporary lack of space. It zeroes out B to N and marks the entire extent from 0 to N as written.

    0  A      B  N
    [WWWWWWWWWWWW]    W: written extent
    [SSDDDDDDDDZZ]    Z: zeroed, S: stale data

ext4_split_extent() then tries to split this extent at A with the EXT4_EXT_DATA_VALID2 flag set. This time, it splits successfully and leaves a stale written extent from 0 to A.

    0  A      B   N
    [WW|WWWWWWWWWW]
    [SS|DDDDDDDDZZ]

Fix this by passing EXT4_EXT_DATA_PARTIAL_VALID1 to ext4_split_extent_at() when splitting at B: don't convert the entire extent to written, and leave it as unwritten after zeroing out B to N. The remaining work is just like the standard two-part split. ext4_split_extent() will pass the EXT4_EXT_DATA_VALID2 flag when it calls ext4_split_extent_at() for the second time, allowing it to properly handle the split. If the split is successful, it will keep the extent from 0 to A as unwritten.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *
CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's ext4 filesystem code related to how it handles block allocation and extent splitting. Specifically, when allocating initialized blocks from a large unwritten extent or splitting an unwritten extent during end I/O and converting it to initialized, there is a risk of stale data being left in parts of the extent if the extent needs to be split in the middle.

The issue occurs because the function ext4_split_extent() attempts to split an extent with certain flags set, but if the split fails due to lack of space, it zeroes out part of the extent and marks the entire extent as written. Later, when it successfully splits the extent at a different point, it leaves a stale written extent (containing old data) in part of the range. The fix involves changing the flags passed during the first split attempt to avoid converting the entire extent to written prematurely, thus preventing stale data from being left behind.
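
The sequence above as a toy model, added here as an example (it is not kernel code and not taken from the patch). It assumes a 12-block extent with A=2 and B=10, as in the description's diagram; `convert_range`, `stale_visible` and the `partial_valid1` switch are hypothetical names for illustration.

```c
/* Toy model of the split sequence in the description; not kernel code.
 * Block contents: 'S' stale, 'D' newly written data, 'Z' zeroed.
 * Extent state per block: 'U' unwritten (reads return zeros), 'W' written. */
#include <stdio.h>
#include <string.h>

#define N 12  /* extent covers blocks [0, N), constructed size */

struct model { char state[N + 1]; char data[N + 1]; };

/* Count blocks whose stale contents a read would return. */
static int stale_visible(const struct model *m)
{
    int n = 0;
    for (int i = 0; i < N; i++)
        if (m->state[i] == 'W' && m->data[i] == 'S')
            n++;
    return n;
}

/* Convert [a, b) of an unwritten extent while the first split (at b)
 * fails for lack of space. partial_valid1 selects the fixed behaviour. */
static struct model convert_range(int a, int b, int partial_valid1)
{
    struct model m;
    memset(m.state, 'U', N); m.state[N] = '\0';
    memset(m.data, 'S', N);  m.data[N] = '\0';
    memset(m.data + a, 'D', b - a);      /* I/O wrote valid data to [a, b) */

    /* Split at b fails: fall back to zeroing the tail [b, N). */
    memset(m.data + b, 'Z', N - b);
    if (!partial_valid1)
        memset(m.state, 'W', N);         /* before the fix: whole extent written */

    /* Split at a succeeds: the second part [a, N) holds valid data. */
    memset(m.state + a, 'W', N - a);     /* [0, a) keeps its current state */
    return m;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct model m = convert_range(2, 10, fixed);
        printf("%s: state=[%s] data=[%s] stale visible=%d\n",
               fixed ? "fixed" : "buggy", m.state, m.data, stale_visible(&m));
    }
    return 0;
}
```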

Impact Analysis

This vulnerability can lead to stale data being exposed in parts of the filesystem where it should have been zeroed out or properly initialized. This means that old data remnants might be accessible or leaked unintentionally, potentially exposing sensitive or private information stored previously in those disk blocks.

Such exposure of stale data can compromise data integrity and confidentiality, possibly allowing unauthorized access to residual data that should have been cleared.

Mitigation Strategies

This vulnerability has been resolved in the Linux kernel by fixing the ext4 extent splitting logic to prevent stale data exposure.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

No other specific mitigation steps or workarounds are provided in the available information.
