CVE-2026-45915
Awaiting Analysis Awaiting Analysis - Queue
FAT Filesystem Link Count Underflow in Linux Kernel

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink(). Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45915
EUVD
EUVD-2026-32381
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of FAT filesystems. Specifically, corrupted FAT images can cause a directory inode to have an incorrect link count (i_nlink), such as showing 2 even though subdirectories exist. When the rmdir operation is called, it unconditionally decreases the parent directory's link count using drop_nlink(dir). This can reduce the link count to zero, which triggers a warning (WARN_ON) in the kernel.

The fix involves adding a sanity check in the vfat_rmdir() and msdos_rmdir() functions to only decrease the parent link count if it is at least 3. If the link count is less than 3, the operation reports a filesystem error instead of decreasing the count.

Impact Analysis

This vulnerability can lead to incorrect filesystem behavior when removing directories on FAT filesystems with corrupted images. Specifically, it can cause the directory link count to underflow, triggering kernel warnings and potentially destabilizing the filesystem state.

While the description does not explicitly mention security impacts such as privilege escalation or data loss, the filesystem errors and warnings could lead to system instability or unexpected behavior when managing directories.

Mitigation Strategies

The vulnerability is resolved by adding a sanity check in the Linux kernel's vfat_rmdir() and msdos_rmdir() functions to prevent parent link count underflow in rmdir operations on FAT filesystems.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart