CVE-2026-46094

Source
https://cve.org/CVERecord?id=CVE-2026-46094
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46094.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46094
Published
2026-05-27T12:58:45.304Z
Modified
2026-06-27T11:55:33.016799731Z
Summary
ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4 bytes via *(__u32 *)(entry), which can overrun the valid xattr region.

For example, if next lands at end - 1, the check passes since next < end, but IS_LAST_ENTRY() reads 4 bytes starting at end - 1, accessing 3 bytes beyond the valid region.

Fix this by changing the check to (void *)next + sizeof(u32) > end, ensuring there is always enough space for the IS_LAST_ENTRY() read on the subsequent iteration.
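The two checks compared side by side in a user-space model, as an added example that is not the kernel's code. The names next_off, walk, run_sample and REJECTED are hypothetical, the buffer is constructed, and the 16-byte entry header and 4-byte padding are assumptions modelled on the ext4 on-disk xattr entry layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_HDR   16u  /* fixed part of an xattr entry, before the name */
#define XATTR_ROUND 3u   /* entries are padded to a 4-byte multiple */
#define REJECTED    (-1) /* stands in for the kernel's corruption error */

/* Offset of the following entry, derived from e_name_len (byte 0). */
static size_t next_off(const uint8_t *buf, size_t off)
{
    return off + ((buf[off] + XATTR_ROUND + ENTRY_HDR) & ~(size_t)XATTR_ROUND);
}

/* Walk entries in buf[0..region_len). Returns 0 if the terminator is found in
 * bounds, REJECTED if the bounds check fires, or the number of bytes past the
 * region the 4-byte terminator read would touch (computed, never performed). */
static int walk(const uint8_t *buf, size_t region_len, int fixed)
{
    size_t off = 0;
    for (;;) {
        uint32_t word;
        if (off + sizeof(word) > region_len)
            return (int)(off + sizeof(word) - region_len);
        memcpy(&word, buf + off, sizeof(word)); /* the IS_LAST_ENTRY() read */
        if (word == 0) return 0;
        size_t next = next_off(buf, off);
        int bad = fixed ? (next + sizeof(uint32_t) > region_len) /* patched */
                        : (next >= region_len);                  /* original */
        if (bad) return REJECTED;
        off = next;
    }
}

/* Constructed sample: one entry with a 3-byte name (stride 20), zeros after. */
int run_sample(size_t region_len, int fixed)
{
    uint8_t buf[32] = {0};
    buf[0] = 3; /* e_name_len */
    return walk(buf, region_len, fixed);
}

int main(void)
{
    printf("len 21: old=%d fixed=%d; len 24: fixed=%d\n",
           run_sample(21, 0), run_sample(21, 1), run_sample(24, 1));
    return 0;
}
```

With a 21-byte region the next entry lands at end - 1: the original check lets the walk continue into a 3-byte overrun, while the patched check rejects the region and still accepts a well-formed 24-byte one.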

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46094.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
3478c83cf26bbffd026ae6a56bcb1fe544f0834e
Fixed
ab6da97bc310db35d4e4ef5354bc3ff626b0698c
Fixed
5a5314d2387633a272a04d1bd8727f99058e4e68
Fixed
537e065977022aa22f2c2503e8accaf16622e0fd
Fixed
520986722dbf869c122252123fc161c7302eab7d
Fixed
eceafc31ea7b42c984ece10d79d505c0bb6615d5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46094.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.3.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46094.json"