Out-of-bounds Access Vulnerability in Linux Kernel's ext4 File System
CVE-2026-46094
What is CVE-2026-46094?
An out-of-bounds access vulnerability was identified in the Linux kernel's ext4 file system, specifically in the check_xattrs() function. The bounds check applied to xattr entries was improper, so the 'next' pointer could reference memory beyond the valid range. If the pointer lands near the end of the valid xattr region, the subsequent read can extend past that region, leading to potential memory corruption. The patch corrects the bounds check so that enough space remains inside the region for the subsequent read.
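The difference between the two checks can be seen in a simplified user-space model, added here as an illustration; it is not the kernel's check_xattrs() code or the upstream patch. The entry layout, the 4-byte terminator read and all names (walk_entries, demo, TERM_SZ, ENTRY_SZ) are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model assumptions (not the kernel's layout): 4-byte entry header whose
 * first byte is the name length, entries padded to 4 bytes, and a list
 * terminator that the walker reads as one 4-byte zero word. */
#define TERM_SZ 4u
#define ENTRY_SZ(nlen) ((4u + (nlen) + 3u) & ~3u)
enum { WALK_OK = 0, WALK_REJECTED = -1, WALK_OVERREAD = 1 };

/* strict=0: weak check (next >= end). strict=1: also require room for the
 * terminator read at next. The over-read is never performed; *past reports
 * how many bytes beyond the region that read would have touched. */
static int walk_entries(const uint8_t *buf, size_t len, int strict, size_t *past)
{
    size_t off = 0;
    *past = 0;
    if (len < TERM_SZ)
        return WALK_REJECTED;
    for (;;) {
        uint32_t word;
        memcpy(&word, buf + off, TERM_SZ);      /* off + TERM_SZ <= len here */
        if (word == 0)
            return WALK_OK;                     /* terminator reached */
        size_t next = off + ENTRY_SZ(buf[off]);
        if (strict ? (next + TERM_SZ > len) : (next >= len))
            return WALK_REJECTED;               /* corrupted entry list */
        if (next + TERM_SZ > len) {             /* weak check let this through */
            *past = next + TERM_SZ - len;
            return WALK_OVERREAD;
        }
        off = next;
    }
}

/* Constructed sample: one entry with a 5-byte name (12 bytes padded), then zeros. */
static int demo(size_t len, int strict, size_t *past)
{
    uint8_t region[16] = {5, 0, 0, 0, 'u', 's', 'e', 'r', 'x'};
    return walk_entries(region, len, strict, past);
}

int main(void)
{
    size_t past;
    printf("weak:   rc=%d\n", demo(14, 0, &past));
    printf("strict: rc=%d\n", demo(14, 1, &past));
}
```

With a 14-byte region the entry's next offset is 12, which is still inside the region, so the weak check accepts it even though a 4-byte read at that offset would run 2 bytes past the end; the strict check rejects the same input.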
Affected Version(s)
Linux 3478c83cf26bbffd026ae6a56bcb1fe544f0834e
Linux 3478c83cf26bbffd026ae6a56bcb1fe544f0834e < 5a5314d2387633a272a04d1bd8727f99058e4e68
Linux 3478c83cf26bbffd026ae6a56bcb1fe544f0834e < 537e065977022aa22f2c2503e8accaf16622e0fd