What is CVE-2026-46051?

CVE-2026-46051 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 3.12 onward and patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-46051?

CVE-2026-46051 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-46051?

Yes, CVE-2026-46051 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 3.12 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-46051 actively exploited?

CVE-2026-46051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-46051

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix soft lockup in retry_aligned_read() When retry_aligned_read() encounters an overlapped stripe, it releases the stripe via raid5_release_stripe() which puts it on the lockless released_stripes llist. In the next raid5d loop iteration, release_stripe_list() drains the stripe onto handle_list (since STRIPE_HANDLE is set by the original IO), but retry_aligned_read() runs before handle_active_stripes() and removes the stripe from handle_list via find_get_stripe() -> list_del_init(). This prevents handle_stripe() from ever processing the stripe to resolve the overlap, causing an infinite loop and soft lockup. Fix this by using __release_stripe() with temp_inactive_list instead of raid5_release_stripe() in the failure path, so the stripe does not go through the released_stripes llist. This allows raid5d to break out of its loop, and the overlap will be resolved when the stripe is eventually processed by handle_stripe().

Package Linux Kernel

Published 2026-05-27

Last modified 2026-06-01

Patch available

Yes

Affected versions

Linux kernel versions 3.12 and later are affected. Fixed in 5.10.258, 5.15.209, 6.1.175, 6.6.140, 6.12.86, 6.18.27, 7.0.4, 7.1-rc1 and their respective stable series.

Affected from

≥ 3.12

Fixed in

✓ 5.10.258 5.10.x ✓ 5.15.209 5.15.x ✓ 6.1.175 6.1.x ✓ 6.6.140 6.6.x ✓ 6.12.86 6.12.x ✓ 6.18.27 6.18.x ✓ 7.0.4 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46051 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/09880592f5a9dc73377d6eb5ac123537b5f8df49
Patch
Kernel patch commit
https://git.kernel.org/stable/c/1985cb3247e87ff6b8ca4bc5f9626f4f51024507
Patch
Kernel patch commit
https://git.kernel.org/stable/c/4166d5234fe8b6c3c7f796a6c198605356c5b355
Patch

8 patch commits total View all on NVD

Frequently asked questions

What is CVE-2026-46051?

CVE-2026-46051 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.12 onward and has been patched in 5.10.258, 5.15.209, 6.1.175 and others. CVE-2026-46051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-46051?

Yes — CVE-2026-46051 has been patched. Fixed versions include 5.10.258, 5.15.209, 6.1.175 and others. If you are running Linux kernel 3.12 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-46051 actively exploited?

No — CVE-2026-46051 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.