PT-2026-44317 · Linux · Linux Kernel
Published
2026-05-28
·
Updated
2026-06-10
·
CVE-2026-46194
CVSS v3.1
4.7
Medium
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A race condition exists in the f2fs file system between the destruction of extent nodes and the writeback process. The function
f2fs destroy extent node() fails to set the FI NO EXTENT flag before clearing extent nodes. When triggered via f2fs drop inode() with I SYNC set, a concurrent kworker writeback can insert new extent nodes into the same extent tree through the update extent tree range() function. This race can lead to a system crash by triggering f2fs bug on() in destroy extent node() because the node cnt variable becomes greater than zero. Furthermore, update extent tree range() only verifies FI NO EXTENT for the EX READ type, leaving EX BLOCK AGE updates unprotected.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel