CVE-2026-46100
Analyzed Analyzed - Analysis Complete

Revert mmap_prepare() Change in Linux Kernel

Vulnerability report for CVE-2026-46100, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-25

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()"). This is because the .mmap invocation establishes a refcount, but .mmap_prepare is called at a point where a merge or an allocation failure might happen after the call, which would leak the refcount increment. Functionality is being added to permit the use of .mmap_prepare in this case, but in the interim, we need to fix this.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-25
Generated
2026-07-07
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 6.17 (inc) to 6.18.27 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's AFS filesystem code related to memory mapping operations. Specifically, a change to the mmap_prepare() function was partially reverted because the original change caused a reference count leak. The issue arises because the .mmap function establishes a reference count, but .mmap_prepare is called earlier where a merge or allocation failure might occur after the call, leading to the reference count increment being leaked. The fix involves reverting the problematic change and adding functionality to safely use .mmap_prepare in this context.

Impact Analysis

The vulnerability can lead to a reference count leak in the Linux kernel's AFS filesystem memory mapping operations. This leak could potentially cause resource exhaustion or instability in the kernel due to unreleased references, which might degrade system performance or cause unexpected behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46100. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart