CVE-2026-45924
In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths

There are two places where ksmbd_vfs_kern_path_end_removing() needs to be called in order to balance what the corresponding successful call to ksmbd_vfs_kern_path_start_removing() has done, i.e. drop inode locks and put the taken references. Otherwise there might be potential deadlocks and unbalanced locks which are caught like:

    BUG: workqueue leaked lock or atomic: kworker/5:21/0x00000000/7596
         last function: handle_ksmbd_work
    2 locks held by kworker/5:21/7596:
     #0: ffff8881051ae448 (sb_writers#3){.+.+}-{0:0}, at: ksmbd_vfs_kern_path_locked+0x142/0x660
     #1: ffff888130e966c0 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: ksmbd_vfs_kern_path_locked+0x17d/0x660
    CPU: 5 PID: 7596 Comm: kworker/5:21 Not tainted 6.1.162-00456-gc29b353f383b #138
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-debian-1.17.0-1 04/01/2014
    Workqueue: ksmbd-io handle_ksmbd_work
    Call Trace:
     <TASK>
     dump_stack_lvl+0x44/0x5b
     process_one_work.cold+0x57/0x5c
     worker_thread+0x82/0x600
     kthread+0x153/0x190
     ret_from_fork+0x22/0x30
     </TASK>

Found by Linux Verification Center (linuxtesting.org).
Affected versions
Linux kernel versions 5.15.190, 6.1.149, 6.6.103, 6.12.43, 6.15.11, 6.16.2, 6.17 and later are affected. Fixed in 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.17, 6.19.4, 7.0 and their respective stable series.
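A first-pass check of a kernel release string against the version ranges listed above. This is an added example, not code from the kernel project or the advisory; the function name `cve_2026_45924_status` and the "not-listed" result for series the page does not mention are assumptions of this example.

```shell
#!/bin/sh
# Classify a kernel release (e.g. the output of `uname -r`) against the
# affected/fixed versions listed on this page for CVE-2026-45924.
# Prints: affected | fixed | not-listed
cve_2026_45924_status() {
    ver=${1%%-*}                      # drop local suffix such as "-generic"
    old_ifs=$IFS; IFS=.
    set -- $ver                       # split "6.1.162" into 6 1 162
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    # Keep only the leading digits of each field ("0+" -> "0").
    maj=${maj%%[!0-9]*}; min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    maj=${maj:-0}; min=${min:-0}; pat=${pat:-0}

    # first = first affected patch level, fix = first fixed patch level.
    # An empty fix means the page lists no fixed release for that series.
    case "$maj.$min" in
        5.15) first=190; fix=203 ;;
        6.1)  first=149; fix=167 ;;
        6.6)  first=103; fix=130 ;;
        6.12) first=43;  fix=78  ;;
        6.15) first=11;  fix=    ;;
        6.16) first=2;   fix=    ;;
        6.17) first=0;   fix=    ;;
        6.18) first=0;   fix=17  ;;
        6.19) first=0;   fix=4   ;;
        *)
            # 7.0 and later carry the fix; other series are not on the page.
            if [ "$maj" -ge 7 ]; then echo fixed; else echo not-listed; fi
            return 0 ;;
    esac

    if [ "$pat" -lt "$first" ]; then
        echo not-listed
    elif [ -n "$fix" ] && [ "$pat" -ge "$fix" ]; then
        echo fixed
    else
        echo affected
    fi
}

# Report on the running kernel.
echo "$(uname -r): $(cve_2026_45924_status "$(uname -r)")"
```

Distribution kernels frequently backport fixes without changing the upstream version number, so confirm an "affected" result against the vendor's changelog. The code path is only reachable when the ksmbd server is built and in use.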
References
The following references provide additional information about CVE-2026-45924 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/0c578e8065c4b08d5635a4cbc0f6321df9d20f79
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/34d6691933682f0516259a31b39d2cebcedec0a5
- Patch: Kernel patch commit, https://git.kernel.org/stable/c/4c38600feb81c670edb82e49d201d3d2d00cd4c3
Frequently asked questions
- What is CVE-2026-45924?
  CVE-2026-45924 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 5.15.190 onward and has been patched in 5.15.203, 6.1.167, 6.6.130 and others. CVE-2026-45924 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-45924?
  Yes. CVE-2026-45924 has been patched. Fixed versions include 5.15.203, 6.1.167, 6.6.130 and others. If you are running Linux kernel 5.15.190 or later and have not yet reached the fixed version, apply the relevant patch for your kernel branch.
- Is CVE-2026-45924 actively exploited?
  No. CVE-2026-45924 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.