CVE-2026-46150
Published: May 28, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.1
Description
In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected abc77577a669f424c5d0c185b9994f2621c52aa4 - < a24765332e129c1916d5a6615418b75599b8fcdcaffected abc77577a669f424c5d0c185b9994f2621c52aa4 - < 4a7611ad653785fcdea5ff5f4441e2b7d05b7f11affected abc77577a669f424c5d0c185b9994f2621c52aa4 - < 04bb66be92f48ed13c3faf1139d892df228789bcaffected abc77577a669f424c5d0c185b9994f2621c52aa4 - < 895ebbedf88318607c24acc0f591c74b165e1d0aaffected abc77577a669f424c5d0c185b9994f2621c52aa4 - < f130790f1acc8399f32652846c875a251efd040f+3 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now