7.1

CVE-2026-46150

fanotify: fix false positive on permission events

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events

fsnotify_get_mark_safe() may return false for a mark on an unrelated group,
which results in bypassing the permission check.

Fix by skipping over detached marks that are not in the current group.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.12 < 5.10.258
LinuxLinux Kernel Version >= 5.11 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.88
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version7.1 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.038
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a
Patch
https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f
Patch
https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
Patch
https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538
Patch
https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900
Patch
https://git.kernel.org/stable/c/04bb66be92f48ed13c3faf1139d892df228789bc
Patch
https://git.kernel.org/stable/c/4a7611ad653785fcdea5ff5f4441e2b7d05b7f11
Patch
https://git.kernel.org/stable/c/a24765332e129c1916d5a6615418b75599b8fcdc
Patch