CVE-2026-46080

Source
https://cve.org/CVERecord?id=CVE-2026-46080
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46080.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46080
Downstream
Related
Published
2026-05-27T12:58:17.103Z
Modified
2026-06-26T11:56:20.667349295Z
Summary
ocfs2: split transactions in dio completion to avoid credit exhaustion
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: split transactions in dio completion to avoid credit exhaustion

During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2dioendiowrite ocfs2markextentwritten ocfs2changeextentflag ocfs2splitextent ocfs2trytomergeextent ocfs2extendrotatetransaction ocfs2extend_trans jbd2__journalrestart startthishandle output: JBD2: kworker/6:2 wants too many credits credits:5450 rsvcredits:0 max:5449

To prevent exceeding the credits limit, modify ocfs2dioendiowrite() to handle extents in a batch of transaction.

Additionally, relocate ocfs2delinodefromorphan(). The orphan inode should only be removed from the orphan list after the extent tree update is complete. This ensures that if a crash occurs in the middle of extent tree updates, we won't leave stale blocks beyond EOF.

This patch also changes the logic for updating the inode size and removing orphan, making it similar to ext4diowriteendio(). Both operations are performed only when everything looks good.

Finally, thanks to Jans and Joseph for providing the bug fix prototype and suggestions.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46080.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c15471f79506830f80eca0e7fe09b8213953ab5f
Fixed
97c03c0e9f73a5049794b3c69ee60fb5e8b0ebd8
Fixed
1e99bb19994246514d63e656492904176f9d5edd
Fixed
91e05ac2336d00d5b99fc774be4bd50039084796
Fixed
886f97fa59d0bbfa9859fb1a66dd9e014b522d89
Fixed
ea5bb1d20da756e4f41a48dad42b2e7d6e73f71e
Fixed
3c636a3edca9c3f180b3079f94fe7e115730d9c6
Fixed
069c3fb310e9336cf48cfdf8748a32c29fd0193d
Fixed
d647c5b2fbf81560818dacade360abc8c00a9665

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46080.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.6.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46080.json"