CVE-2026-46094
Awaiting Analysis - Queue
Out-of-Bounds Access in Linux Kernel ext4 Filesystem

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4 bytes via *(__u32 *)(entry), which can overrun the valid xattr region.

For example, if next lands at end - 1, the check passes since next < end, but IS_LAST_ENTRY() reads 4 bytes starting at end - 1, accessing 3 bytes beyond the valid region.

Fix this by changing the check to (void *)next + sizeof(u32) > end, ensuring there is always enough space for the IS_LAST_ENTRY() read on the subsequent iteration.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (inc)
linux | kernel | *
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's ext4 filesystem code, specifically in the function check_xattrs(). The issue is a faulty bounds check when iterating over extended attribute (xattr) entries. The original check allowed the pointer 'next' to land within sizeof(u32) bytes of the end of the valid xattr region, so the 4-byte read performed by IS_LAST_ENTRY() on the following iteration could extend past the valid memory boundary (3 bytes past it when next is at end - 1). This out-of-bounds read can lead to memory corruption or crashes.

The fix changes the bounds check to ensure that there is always enough space for the 4-byte read by IS_LAST_ENTRY(), preventing the out-of-bounds access.
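
The difference between the two checks can be reproduced in user space. The following is an added example, not kernel code: it walks a simplified, constructed entry layout (an assumption, not the real struct ext4_xattr_entry) using offsets, and reports how many bytes past the end the 4-byte terminator read would touch under the original and the fixed check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample regions. Simplified layout (an assumption, not the real
 * struct ext4_xattr_entry): byte 0 of each entry is the entry's total length;
 * a 4-byte zero word ends the list, which is what IS_LAST_ENTRY() tests. */
static const uint8_t SAMPLE_BAD[7] = { 6, 'a', 'b', 'c', 'd', 'e', 0 }; /* next == end - 1 */
static const uint8_t SAMPLE_OK[8]  = { 4, 'u', 's', 'r', 0, 0, 0, 0 };

/* Walk the entries in region[0..len).
 * Returns 0 on a clean walk, -1 if the bounds check rejects the region,
 * or N > 0: the number of bytes past the end that the 4-byte terminator
 * read would touch (the read itself is not performed in that case). */
static int walk_xattrs(const uint8_t *region, size_t len, int fixed)
{
    size_t off = 0;

    for (;;) {
        uint32_t word;
        size_t next;

        /* Model of IS_LAST_ENTRY(): a 4-byte read at the current entry. */
        if (off + sizeof(uint32_t) > len)
            return (int)(off + sizeof(uint32_t) - len);
        memcpy(&word, region + off, sizeof(word));
        if (word == 0)
            return 0;                               /* terminator reached */
        if (region[off] == 0)
            return -1;                              /* zero-length entry */
        next = off + region[off];
        if (fixed ? next + sizeof(uint32_t) > len   /* fixed check */
                  : next >= len)                    /* original check */
            return -1;
        off = next;
    }
}

int main(void)
{
    printf("bad region,  original check: %d\n", walk_xattrs(SAMPLE_BAD, sizeof(SAMPLE_BAD), 0));
    printf("bad region,  fixed check:    %d\n", walk_xattrs(SAMPLE_BAD, sizeof(SAMPLE_BAD), 1));
    printf("good region, fixed check:    %d\n", walk_xattrs(SAMPLE_OK, sizeof(SAMPLE_OK), 1));
    return 0;
}
```

A positive return value corresponds to the overrun described above; the fixed check rejects the same region before the read happens and still accepts the well-formed one.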

Impact Analysis

This vulnerability can lead to out-of-bounds memory access when processing extended attributes in the ext4 filesystem. Such memory access issues can cause system instability, crashes, or potentially allow an attacker to exploit the memory corruption for further attacks, such as privilege escalation or arbitrary code execution.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the bounds check in check_xattrs() has been fixed. This update ensures that the check properly prevents out-of-bounds access in the ext4 filesystem's extended attributes handling.
