CVE-2026-45920
Awaiting Analysis Awaiting Analysis - Queue
ext4 Filesystem Dirty Clusters Counter Double Decrement

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4_put_super() associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext4_put_super+0x48c/0x590 [ext4] Tracing the failure shows that the warning fires due to an s_dirtyclusters_counter value of -1. IOW, this appears to be a spurious decrement as opposed to some sort of leak. Further tracing of the dirty cluster count deltas and an LLM scan of the resulting output identified the cause as a double decrement in the error path between ext4_mb_mark_diskspace_used() and the caller ext4_mb_new_blocks(). First, note that generic/388 is a shutdown vs. fsstress test and so produces a random set of operations and shutdown injections. In the problematic case, the shutdown triggers an error return from the ext4_handle_dirty_metadata() call(s) made from ext4_mb_mark_context(). The changed value is non-zero at this point, so ext4_mb_mark_diskspace_used() does not exit after the error bubbles up from ext4_mb_mark_context(). Instead, the former decrements both cluster counters and returns the error up to ext4_mb_new_blocks(). The latter falls into the !ar->len out path which decrements the dirty clusters counter a second time, creating the inconsistency. To avoid this problem and simplify ownership of the cluster reservation in this codepath, lift the counter reduction to a single place in the caller. This makes it more clear that ext4_mb_new_blocks() is responsible for acquiring cluster reservation (via ext4_claim_free_clusters()) in the !delalloc case as well as releasing it, regardless of whether it ends up consumed or returned due to failure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45920
EUVD
EUVD-2026-32386
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in the Linux kernel's ext4 filesystem code related to how it manages dirty cluster counters during filesystem shutdown.

Specifically, there is a double decrement of the dirty clusters counter in an error path between two functions: ext4_mb_mark_diskspace_used() and ext4_mb_new_blocks(). This causes the dirty cluster count to become inconsistent, sometimes going negative, which triggers warnings during shutdown.

The root cause is that the counter is decremented twice when an error occurs, instead of once, leading to incorrect tracking of reserved disk space.

The fix involves moving the counter decrement to a single place in the caller function to ensure proper ownership and consistent handling of cluster reservations.

Impact Analysis

This vulnerability can cause warnings and inconsistencies in the ext4 filesystem's tracking of dirty clusters during shutdown.

While the description does not explicitly mention data loss or corruption, incorrect dirty cluster counts could potentially lead to filesystem inconsistencies or unexpected behavior during shutdown or recovery.

At minimum, it may cause system logs to show warnings related to ext4_put_super(), which could complicate troubleshooting or indicate underlying filesystem state issues.

Detection Guidance

This vulnerability manifests as a warning related to the ext4 filesystem during shutdown, specifically a warning in ext4_put_super() about the dirty clusters count becoming negative.

To detect this issue on your system, you can monitor the system logs for warnings similar to the following message:

  • WARNING: CPU: <cpu_id> PID: <pid> at fs/ext4/super.c:<line_number> ext4_put_super+0x48c/0x590 [ext4]

You can use commands like 'dmesg' or 'journalctl' to search for such warnings:

  • dmesg | grep ext4_put_super
  • journalctl -k | grep ext4_put_super

Additionally, running the fstests generic/388 test may occasionally reproduce this warning, which can help in detection.

Mitigation Strategies

The vulnerability is fixed by correcting the double decrement of the dirty clusters counter in the ext4 filesystem code during shutdown.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this issue.
  • Avoid using affected kernel versions where this warning occurs, especially in environments where filesystem integrity is critical.
  • Monitor system logs for the warning to detect if the issue is present.

Since this is a filesystem internal counter issue that occurs during shutdown, ensuring proper kernel updates is the primary mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45920. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart