HOMEVULNERABILITIESCVE-2026-46061
NONE

CVE-2026-46061

Published: May 27, 2026· Updated: May 27, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:4.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

jbd2: fix deadlock in jbd2_journal_cancel_revoke()

Commit f76d4c28a46a ("fs/jbd2: use sleeping version of

__find_get_block()") changed jbd2_journal_cancel_revoke() to use

__find_get_block_nonatomic() which holds the folio lock instead of

i_private_lock. This breaks the lock ordering (folio -> buffer) and

causes an ABBA deadlock when the filesystem blocksize < pagesize:

T1 T2

ext4_mkdir()

ext4_init_new_dir()

ext4_append()

ext4_getblk()

lock_buffer() <- A

sync_blockdev()

blkdev_writepages()

writeback_iter()

writeback_get_folio()

folio_lock() <- B

ext4_journal_get_create_access()

jbd2_journal_cancel_revoke()

__find_get_block_nonatomic()

folio_lock() <- B

block_write_full_folio()

lock_buffer() <- A

This can occasionally cause generic/013 to hang.

Fix by only calling __find_get_block_nonatomic() when the passed

buffer_head doesn't belong to the bdev, which is the only case that we

need to look up its bdev alias. Otherwise, the lookup is redundant since

the found buffer_head is equal to the one we passed in.

NVD Source

Technical Analysis

CVE-2026-46061 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-46061
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-46061 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.