CVE-2026-46150

HIGH

fanotify: fix false positive on permission events

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group.

Scores

CVSS v3 7.1
EPSS 0.0014
EPSS Percentile 3.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (28)
linux/Kernel 4.12.0 - 5.10.258linux
linux/Kernel 5.11.0 - 5.15.209linux
linux/Kernel 5.16.0 - 6.1.175linux
linux/Kernel 6.13.0 - 6.18.30linux
linux/Kernel 6.19.0 - 7.0.7linux
linux/Kernel 6.2.0 - 6.6.140linux
linux/Kernel 6.7.0 - 6.12.88linux
Linux/Linux < 4.12
Linux/Linux 4.12
Linux/Linux 5.10.258 - 5.10.*
... and 18 more
Published May 28, 2026
Tracked Since May 28, 2026