CVE-2026-46150

HIGH 7.1

fanotify: fix false positive on permission events

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

2th

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the current group.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 28, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

abc77577a669f424c5d0c185b9994f2621c52aa4 < a24765332e129c1916d5a6615418b75599b8fcdc abc77577a669f424c5d0c185b9994f2621c52aa4 < 4a7611ad653785fcdea5ff5f4441e2b7d05b7f11 abc77577a669f424c5d0c185b9994f2621c52aa4 < 04bb66be92f48ed13c3faf1139d892df228789bc abc77577a669f424c5d0c185b9994f2621c52aa4 < 895ebbedf88318607c24acc0f591c74b165e1d0a abc77577a669f424c5d0c185b9994f2621c52aa4 < f130790f1acc8399f32652846c875a251efd040f abc77577a669f424c5d0c185b9994f2621c52aa4 < 7baa02b0ae9d17ec5f08836d8ea88ce1927d0678 abc77577a669f424c5d0c185b9994f2621c52aa4 < b7b24b28c8cd55844cab908f4f39dded638d5538 abc77577a669f424c5d0c185b9994f2621c52aa4 < 7746e3bd4cc19b5092e00d32d676e329bfcb6900

Linux / Linux

4.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗