HOMEVULNERABILITIESCVE-2026-45942
HIGH

CVE-2026-45942

Published: May 27, 2026· Updated: May 30, 2026

7.8
CVSS v3.1

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix e4b bitmap inconsistency reports

A bitmap inconsistency issue was observed during stress tests under

mixed huge-page workloads. Ext4 reported multiple e4b bitmap check

failures like:

ext4_mb_complex_scan_group:2508: group 350, 8179 free clusters as

per group info. But got 8192 blocks

Analysis and experimentation confirmed that the issue is caused by a

race condition between page migration and bitmap modification. Although

this timing window is extremely narrow, it is still hit in practice:

folio_lock ext4_mb_load_buddy

__migrate_folio

check ref count

folio_mc_copy __filemap_get_folio

folio_try_get(folio)

......

mb_mark_used

ext4_mb_unload_buddy

__folio_migrate_mapping

folio_ref_freeze

folio_unlock

The root cause of this issue is that the fast path of load_buddy only

increments the folio's reference count, which is insufficient to prevent

concurrent folio migration. We observed that the folio migration process

acquires the folio lock. Therefore, we can determine whether to take the

fast path in load_buddy by checking the lock status. If the folio is

locked, we opt for the slow path (which acquires the lock) to close this

concurrency window.

Additionally, this change addresses the following issues:

When the DOUBLE_CHECK macro is enabled to inspect bitmap-related

issues, the following error may be triggered:

corruption in group 324 at byte 784(6272): f in copy != ff on

disk/prealloc

Analysis reveals that this is a false positive. There is a specific race

window where the bitmap and the group descriptor become momentarily

inconsistent, leading to this error report:

ext4_mb_load_buddy ext4_mb_load_buddy

__filemap_get_folio(create|lock)

folio_lock

ext4_mb_init_cache

folio_mark_uptodate

__filemap_get_folio(no lock)

......

mb_mark_used

mb_mark_used_double

mb_cmp_bitmaps

mb_set_bits(e4b->bd_bitmap)

folio_unlock

The original logic assumed that since mb_cmp_bitmaps is called when the

bitmap is newly loaded from disk, the folio lock would be sufficient to

prevent concurrent access. However, this overlooks a specific race

condition: if another process attempts to load buddy and finds the folio

is already in an uptodate state, it will immediately begin using it without

holding folio lock.

NVD Source

Technical Analysis

CVE-2026-45942 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (5)

Quick Facts

CVE IDCVE-2026-45942
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
PublishedMay 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-45942 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.