CVE-2026-45948

Source
https://cve.org/CVERecord?id=CVE-2026-45948
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45948.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45948
Downstream
Published
2026-05-27T12:18:04.937Z
Modified
2026-06-18T03:55:54.203443075Z
Summary
ext4: fix memory leak in ext4_ext_shift_extents()
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix memory leak in ext4extshift_extents()

In ext4extshiftextents(), if the extent is NULL in the while loop, the function returns immediately without releasing the path obtained via ext4find_extent(), leading to a memory leak.

Fix this by jumping to the out label to ensure the path is properly released.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45948.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a18ed359bdddcded4f97ff5e2f07793ff9336913
Fixed
7e807cb8603b7664fa630a696cd891d9a03c248d
Fixed
afc5e61e1a07b2b833bd72cbee36ecce9cd901e2
Fixed
1bce219ee5512cf179ba40cf114945a14a16e21f
Fixed
4a79fde8db7eba7f1128d971ceba4e3c9ac84aec
Fixed
2f4b1052246ca646bb17bfe0f53df2fdf9729b58
Fixed
12615ab4bfb69678e5d961b28bb70040299e51b1
Fixed
bd7b52557e4a3ccd7595fdb3a585f1257de57935
Fixed
ca81109d4a8f192dc1cbad4a1ee25246363c2833

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45948.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.15.0
Fixed
5.10.252
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45948.json"