CVE-2026-46302

Source
https://cve.org/CVERecord?id=CVE-2026-46302
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46302.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46302
Downstream
Related
Published
2026-06-08T15:46:29.545Z
Modified
2026-07-10T03:53:36.187613112Z
Summary
selinux: allow multiple opens of /sys/fs/selinux/policy
Details

In the Linux kernel, the following vulnerability has been resolved:

selinux: allow multiple opens of /sys/fs/selinux/policy

Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The original motivation seems to have been a mix of preventing an inconsistent view of the policy size and preventing userspace from allocating kernel memory without bound, but this is arguably equally bad. Eliminate the policyopened flag and shrink the critical section that the policy mutex is held. While we are making changes here, drop a couple of extraneous BUGONs.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46302.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cee74f47a6baba0ac457e87687fdcf0abd599f0a
Fixed
714362f3779dfa453a78ced32396a72726962a41
Fixed
a02cd6805562305f936e807da83e253b719dd965

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46302.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.37
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46302.json"