{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45892", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.083Z", "datePublished": "2026-05-27T12:17:03.175Z", "dateUpdated": "2026-05-30T10:41:42.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-30T10:41:42.703Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache after doing PARTIAL_VALID1 zeroout\n\nWhen splitting an unwritten extent in the middle and converting it to\ninitialized in ext4_split_extent() with the EXT4_EXT_MAY_ZEROOUT and\nEXT4_EXT_DATA_VALID2 flags set, it could leave a stale unwritten extent.\n\nAssume we have an unwritten file and buffered write in the middle of it\nwithout dioread_nolock enabled, it will allocate blocks as written\nextent.\n\n 0 A B N\n [UUUUUUUUUUUU] on-disk extent U: unwritten extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDD--] D: valid data\n |<- ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and leave the entire extent as unwritten.\n\n 0 A B N\n [UUUUUUUUUUUU] on-disk extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDDZZ] Z: zeroed data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and\nleave an written extent from A to N.\n\n 0 A B N\n [UUWWWWWWWWWW] on-disk extent W: written extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDDZZ]\n\nFinally ext4_map_create_blocks() only insert extent A to B to the extent\nstatus tree, and leave an stale unwritten extent in the status tree.\n\n 0 A B N\n [UUWWWWWWWWWW] on-disk extent W: written extent\n [UUWWWWWWWWUU] extent status tree\n [--DDDDDDDDZZ]\n\nFix this issue by always cached extent status entry after zeroing out\nthe second part."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/extents.c"], "versions": [{"version": "ddf854e59166533b0f46ba32cd6cd9aca3197d1b", "lessThan": "28db4bfc6f82fd20e2aadb7fc162244109a4eb31", "status": "affected", "versionType": "git"}, {"version": "58ddae5d77b1db3a27b891c75a8fa120239ac092", "lessThan": "f0931a5c17005a0c4fc35bd1a001245effc3354b", "status": "affected", "versionType": "git"}, {"version": "d17857b4fb9ba5745b59be0ef38fd532991fccbf", "lessThan": "d8ee559fccdef713f058cfe5f2c03dc9b18be3b1", "status": "affected", "versionType": "git"}, {"version": "d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88", "lessThan": "c2ee51d684adca7645e4aa74adca13f6750390bc", "status": "affected", "versionType": "git"}, {"version": "7015fcf473796e1d2d876f241bd9e0c36f3d4eef", "lessThan": "a1b962a821e7a52d48212ae269b45808b4411267", "status": "affected", "versionType": "git"}, {"version": "1bf6974822d1dba86cf11b5f05498581cf3488a2", "lessThan": "6d882ea3b0931b43530d44149b79fcd4ffc13030", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/extents.c"], "versions": [{"version": "6.1.167", "lessThan": "6.1.168", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.167", "versionEndExcluding": "6.1.168"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/28db4bfc6f82fd20e2aadb7fc162244109a4eb31"}, {"url": "https://git.kernel.org/stable/c/f0931a5c17005a0c4fc35bd1a001245effc3354b"}, {"url": "https://git.kernel.org/stable/c/d8ee559fccdef713f058cfe5f2c03dc9b18be3b1"}, {"url": "https://git.kernel.org/stable/c/c2ee51d684adca7645e4aa74adca13f6750390bc"}, {"url": "https://git.kernel.org/stable/c/a1b962a821e7a52d48212ae269b45808b4411267"}, {"url": "https://git.kernel.org/stable/c/6d882ea3b0931b43530d44149b79fcd4ffc13030"}], "title": "ext4: drop extent cache after doing PARTIAL_VALID1 zeroout", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache after doing PARTIAL_VALID1 zeroout\n\nWhen splitting an unwritten extent in the middle and converting it to\ninitialized in ext4_split_extent() with the EXT4_EXT_MAY_ZEROOUT and\nEXT4_EXT_DATA_VALID2 flags set, it could leave a stale unwritten extent.\n\nAssume we have an unwritten file and buffered write in the middle of it\nwithout dioread_nolock enabled, it will allocate blocks as written\nextent.\n\n 0 A B N\n [UUUUUUUUUUUU] on-disk extent U: unwritten extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDD--] D: valid data\n |<- ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_PARTIAL_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and leave the entire extent as unwritten.\n\n 0 A B N\n [UUUUUUUUUUUU] on-disk extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDDZZ] Z: zeroed data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and\nleave an written extent from A to N.\n\n 0 A B N\n [UUWWWWWWWWWW] on-disk extent W: written extent\n [UUUUUUUUUUUU] extent status tree\n [--DDDDDDDDZZ]\n\nFinally ext4_map_create_blocks() only insert extent A to B to the extent\nstatus tree, and leave an stale unwritten extent in the status tree.\n\n 0 A B N\n [UUWWWWWWWWWW] on-disk extent W: written extent\n [UUWWWWWWWWUU] extent status tree\n [--DDDDDDDDZZ]\n\nFix this issue by always cached extent status entry after zeroing out\nthe second part."}], "id": "CVE-2026-45892", "lastModified": "2026-05-30T11:17:15.037", "metrics": {}, "published": "2026-05-27T14:17:03.353", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28db4bfc6f82fd20e2aadb7fc162244109a4eb31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6d882ea3b0931b43530d44149b79fcd4ffc13030"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a1b962a821e7a52d48212ae269b45808b4411267"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2ee51d684adca7645e4aa74adca13f6750390bc"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d8ee559fccdef713f058cfe5f2c03dc9b18be3b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f0931a5c17005a0c4fc35bd1a001245effc3354b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ext4: drop extent cache after doing PARTIAL_VALID1 zeroout", "id": "2481996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481996"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-367", "details": ["A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks (the extent status tree) incorrectly marks an extent as unwritten, even though the data on disk has been written. This inconsistency could potentially lead to data integrity issues or unexpected filesystem behavior."], "name": "CVE-2026-45892", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-45892\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45892\nhttps://lore.kernel.org/linux-cve-announce/2026052718-CVE-2026-45892-b406@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f0931a5c17005a0c4fc35bd1a001245effc3354b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d8ee559fccdef713f058cfe5f2c03dc9b18be3b1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c2ee51d684adca7645e4aa74adca13f6750390bc)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a1b962a821e7a52d48212ae269b45808b4411267)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6d882ea3b0931b43530d44149b79fcd4ffc13030)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.6.130)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.12.75)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.18.14)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.19.4)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.75,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.14,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.4,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T16:00:08.703986+00:00", "updated": "2026-05-28T17:30:15.574167+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}