CVE-2026-46040
Published: May 27, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails When fsnotify_add_inode_mark_locked() fails in inotify_new_watch(), the error path calls inotify_remove_from_idr() but does not call dec_inotify_watches() to undo the preceding inc_inotify_watches(). This leaks a watch count, and repeated failures can exhaust the max_user_watches limit with -ENOSPC even when no watches are active. Prior to commit 1cce1eea0aff ("inotify: Convert to using per-namespace limits"), the watch count was incremented after fsnotify_add_mark_locked() succeeded, so this path was not affected. The conversion moved inc_inotify_watches() before the mark insertion without adding the corresponding rollback. Add the missing dec_inotify_watches() call in the error path.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1cce1eea0aff51201753fcaca421df825b0813b6 - < 3ab58cf42c46bf2366d2f55ae5c59299d5e178b7affected 1cce1eea0aff51201753fcaca421df825b0813b6 - < 10edf7e0ffdc7faa18e2244b17722c1b882b8273affected 1cce1eea0aff51201753fcaca421df825b0813b6 - < 3ad9ccea1b25435f6179b57aa891960beb7ce8f9affected 1cce1eea0aff51201753fcaca421df825b0813b6 - < 8bcc1cd237ab5ccfdd102869fa031c541943cf40affected 1cce1eea0aff51201753fcaca421df825b0813b6 - < 73ddc8518a32baff6bc17afda4ee1ebae5b4ed12+3 more versions |
Linux | Linux | affected 4.11unaffected 0 - < 4.11unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now