7.8

CVE-2026-46107

dm-thin: fix metadata refcount underflow

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow

There's a bug in dm-thin in the function rebalance_children. If the
internal btree node has one entry, the code tries to copy all btree
entries from the node's child to the node itself and then decrement the
child's reference count.

If the child node is shared (it has reference count > 1), we won't free
it, so there would be two pointers to each of the grandchildren nodes.
But the reference counts of the grandchildren is not increased, thus the
reference count doesn't match the number of pointers that point to the
grandchildren. This results in "device mapper: space map common: unable
to decrement block" errors.

Fix this bug by incrementing reference counts on the grandchildren if the
btree node is shared.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.2 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.88
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version7.1 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.028
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad
Patch
https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460
Patch
https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044
Patch
https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c
Patch
https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5
Patch
https://git.kernel.org/stable/c/f06f6aededd792a754cd677c02b3d3016d868c2c
Patch
https://git.kernel.org/stable/c/f49b41c9eb7c6ff00df27cd49cea210abbadd8ad
Patch
https://git.kernel.org/stable/c/b719d12cb94df345e9ad2715fd0abe9afcaeb111
Patch