CVE-2026-46080
Awaiting Analysis Awaiting Analysis - Queue
Credit Exhaustion in OCFS2 Kernel File System

Publication date: 2026-05-27

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2_dio_end_io_write ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_split_extent ocfs2_try_to_merge_extent ocfs2_extend_rotate_transaction ocfs2_extend_trans jbd2__journal_restart start_this_handle output: JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449 To prevent exceeding the credits limit, modify ocfs2_dio_end_io_write() to handle extents in a batch of transaction. Additionally, relocate ocfs2_del_inode_from_orphan(). The orphan inode should only be removed from the orphan list after the extent tree update is complete. This ensures that if a crash occurs in the middle of extent tree updates, we won't leave stale blocks beyond EOF. This patch also changes the logic for updating the inode size and removing orphan, making it similar to ext4_dio_write_end_io(). Both operations are performed only when everything looks good. Finally, thanks to Jans and Joseph for providing the bug fix prototype and suggestions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46080
EUVD
EUVD-2026-32463
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle ocfs2 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation involves updating the Linux kernel to a version where this vulnerability has been resolved. The fix includes splitting transactions in dio completion to avoid credit exhaustion and relocating the removal of orphan inodes to ensure consistency.

Until the kernel is updated, monitor for the warning messages to detect if the issue is occurring and avoid heavy ocfs2 dio operations that might trigger the credit exhaustion.

Detection Guidance

This vulnerability can be detected by monitoring system logs for specific JBD2 warnings related to ocfs2 dio operations. In particular, look for call traces indicating credit exhaustion such as the message: "JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449".

To detect this on your system, you can use commands to search kernel logs for these warnings. For example:

  • Use dmesg or journalctl to check kernel logs: `dmesg | grep JBD2` or `journalctl -k | grep JBD2`
  • Look for the specific warning message about credit exhaustion in the output.
Executive Summary

This vulnerability occurs in the Linux kernel's ocfs2 filesystem during direct I/O (dio) operations. Specifically, the journaling layer JBD2 may report warnings about exceeding credit limits due to how transactions are handled in the dio completion process.

The issue arises because ocfs2_dio_end_io_write() attempts to handle too many extents in a single transaction, causing credit exhaustion. This can lead to warnings and potential instability.

The fix involves splitting transactions into smaller batches during dio completion to avoid exceeding credit limits. Additionally, the removal of orphan inodes is delayed until after extent tree updates are fully completed, preventing stale blocks if a crash occurs mid-update.

The patch also aligns inode size updates and orphan removal logic with that of ext4_dio_write_end_io(), ensuring these operations only occur when all updates are successful.

Impact Analysis

This vulnerability can lead to warnings and potential instability in the filesystem during direct I/O operations on ocfs2. If the credit exhaustion is not properly handled, it may cause transaction failures or inconsistencies.

In the worst case, if a crash occurs during extent tree updates and orphan inode removal is not properly synchronized, stale blocks beyond the end of file (EOF) could remain, potentially leading to data corruption or loss.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46080. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart