112 matches found
CVE-2026-52990
A flaw was found in the Linux kernel. A local attacker could exploit a race condition in the fsnotifyrecalcmask function, which fails to properly handle an inode reference. This improper handling can lead to an inode reference leak, causing tasks to hang and resulting in a Denial of Service DoS f...
Linux Distros Unpatched Vulnerability : CVE-2026-52990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode...
EUVD-2026-38858
In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...
CVE-2026-52990
In the Linux kernel, the following vulnerability has been resolved: fsnotify: fix inode reference leak in fsnotifyrecalcmask fsnotifyrecalcmask fails to handle the return value of fsnotifyrecalcmask, which may return an inode pointer that needs to be released via fsnotifydropobject when the...
CVE-2026-52990
CVE-2026-52990 involves the Linux kernel fsnotify subsystem. The bug stems from fsnotify_recalc_mask() returning an inode pointer without releasing it when the connector’s HAS_IREF flag transitions from true to false, leaving an iref leak that can cause a hung task (example trace includes unmount...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: fsnotify: Do not generate ACCESS/MODIFY events for special files in child processes. inotify/fanotify: Do not allow users who have no read access to a file to subscribe to events like INACCESS/INMODIFY. However, users can stil...
PT-2026-51884
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An inode reference leak exists in the fsnotify subsystem. The function fsnotify recalc mask fails to handle the return value of fsnotify recalc mask, which may return an inode pointer th...
CVE-2026-46150
A flaw was found in the Linux kernel's fanotify subsystem. This vulnerability allows for a bypass of permission checks because the fsnotifygetmarksafe function may incorrectly return false for marks on unrelated groups. This could enable an attacker to perform unauthorized actions by circumventin...
CVE-2026-46150
The CVE-2026-46150 issue affects the Linux kernel fanotify subsystem. It arises because fsnotify_get_mark_safe() may return false for a mark in an unrelated group, bypassing the permission check. The fix patches the logic to skip detached marks that are not in the current group, mitigating the by...
EUVD-2026-32777
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...
inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
...
SUSE CVE-2026-46040
In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...
CVE-2026-46040
In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...
CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...
CVE-2026-46040
In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of the fsnotifyadd inodemarklocked function in inotifynewwatch, where the monitoring...
CVE-2026-46040
inotify: fix watch count leak when fsnotifyaddinodemarklocked fails...
PT-2026-43907
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A watch count leak occurs in the inotify system when the fsnotify add inode mark locked function fails within inotify new watch. In this scenario, the error path executes inotify remove...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring/rw: Defer fsnotify calls to task context. We cannot defer these calls outside of the kiocb completion, as that might be off-soft/hard IRQ context. We should defer the calls until we process the taskwork for this reques...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Clearing PARENTWATCHED flags lazily In some setups, directories can have many usually negative entries. Therefore, the fsnotifyupdatechilddentryflags function can take a significant amount of time. Since most of this...