CVE-2026-45920

Published: May 27, 2026 · Updated: May 27, 2026

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix dirtyclusters double decrement on fs shutdown

fstests test generic/388 occasionally reproduces a warning in ext4_put_super() associated with the dirty clusters count:

WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext4_put_super+0x48c/0x590 [ext4]

Tracing the failure shows that the warning fires due to an s_dirtyclusters_counter value of -1. IOW, this appears to be a spurious decrement as opposed to some sort of leak. Further tracing of the dirty cluster count deltas and an LLM scan of the resulting output identified the cause as a double decrement in the error path between ext4_mb_mark_diskspace_used() and the caller ext4_mb_new_blocks().

First, note that generic/388 is a shutdown vs. fsstress test and so produces a random set of operations and shutdown injections. In the problematic case, the shutdown triggers an error return from the ext4_handle_dirty_metadata() call(s) made from ext4_mb_mark_context(). The changed value is non-zero at this point, so ext4_mb_mark_diskspace_used() does not exit after the error bubbles up from ext4_mb_mark_context(). Instead, the former decrements both cluster counters and returns the error up to ext4_mb_new_blocks(). The latter falls into the !ar->len out path which decrements the dirty clusters counter a second time, creating the inconsistency.

To avoid this problem and simplify ownership of the cluster reservation in this codepath, lift the counter reduction to a single place in the caller. This makes it more clear that ext4_mb_new_blocks() is responsible for acquiring cluster reservation (via ext4_claim_free_clusters()) in the !delalloc case as well as releasing it, regardless of whether it ends up consumed or returned due to failure.

NVD Source
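
The double decrement described above, reduced to a user-space C model (an added example, not kernel code and not part of the original description). The model_* functions, struct counters and the starting counter values are assumptions standing in for the ext4 functions the description names; the `fixed` flag selects between the pre-fix ownership and the single release in the caller.

```c
/* User-space model of the accounting in the description; not ext4 source.
 * model_* names and struct counters are hypothetical. */
#include <stdio.h>

struct counters { long free_clusters, dirty_clusters; };

/* Stands in for ext4_mb_mark_context(): after a shutdown the change has been
 * applied (changed != 0) but dirtying the metadata returns an error. */
static int model_mark_context(int shutdown, long len, long *changed)
{
    *changed = len;
    return shutdown ? -1 : 0;
}

/* Stands in for ext4_mb_mark_diskspace_used(). callee_releases selects the
 * pre-fix behaviour, where the callee also drops the dirty reservation. */
static int model_mark_used(struct counters *c, int shutdown, long len,
                           int callee_releases)
{
    long changed = 0;
    int err = model_mark_context(shutdown, len, &changed);

    if (err && changed == 0)
        return err;                 /* not taken in the problematic case */
    c->free_clusters -= len;
    if (callee_releases)
        c->dirty_clusters -= len;   /* pre-fix: first decrement */
    return err;
}

/* Stands in for ext4_mb_new_blocks() in the !delalloc case; returns the
 * dirty-cluster count left once the allocation attempt has finished. */
long model_new_blocks(int fixed, int shutdown, long len)
{
    struct counters c = { 100, 0 };  /* constructed starting values */

    c.dirty_clusters += len;        /* claim the reservation */
    int err = model_mark_used(&c, shutdown, len, !fixed);
    if (fixed || err)
        c.dirty_clusters -= len;    /* fixed: only release; pre-fix: error path */
    return c.dirty_clusters;
}

int main(void)
{
    printf("pre-fix, shutdown: %ld\n", model_new_blocks(0, 1, 1));
    printf("fixed,   shutdown: %ld\n", model_new_blocks(1, 1, 1));
    return 0;
}
```

With one cluster reserved, the pre-fix path ends at -1, the value the warning in ext4_put_super() reports; with the release owned by the caller alone, the counter returns to 0 on both success and failure.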

Technical Analysis

CVE-2026-45920 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-45920
Severity: NONE
CISA KEV: No
Published: May 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-45920 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.