CVE-2026-46150

Source
https://cve.org/CVERecord?id=CVE-2026-46150
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46150.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46150
Downstream
Related
Published
2026-05-28T09:36:06.494Z
Modified
2026-07-09T10:14:37.040475981Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
fanotify: fix false positive on permission events
Details

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events

fsnotifygetmark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check.

Fix by skipping over detached marks that are not in the current group.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46150.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
abc77577a669f424c5d0c185b9994f2621c52aa4
Fixed
a24765332e129c1916d5a6615418b75599b8fcdc
Fixed
4a7611ad653785fcdea5ff5f4441e2b7d05b7f11
Fixed
04bb66be92f48ed13c3faf1139d892df228789bc
Fixed
895ebbedf88318607c24acc0f591c74b165e1d0a
Fixed
f130790f1acc8399f32652846c875a251efd040f
Fixed
7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
Fixed
b7b24b28c8cd55844cab908f4f39dded638d5538
Fixed
7746e3bd4cc19b5092e00d32d676e329bfcb6900

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46150.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.12.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46150.json"