CVE-2026-46175

High

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync root@vm:/mnt/f2fs# rm -f 1 root@vm:/mnt/f2fs# sync root@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set The root cause is that GC does not clear the dentry mark and fsync mark during node block migration, leading fsck to misinterpret them as user-issued fsync writes. In BGGC mode, node block migration is handled by f2fs_sync_node_pages(), which guarantees the dentry and fsync marks are cleared before writing. This patch move the set/clear of the fsync|dentry marks into __write_node_folio to make the logic clearer, and ensures the fsync|dentry mark is cleared in FGGC.

Package Linux Kernel
Published 2026-05-28
Last modified 2026-05-30
CVSS version 3.1
Patch available
Yes

CVSS 3.1 score

7.1

out of 10
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Affected versions

Linux kernel versions 4.7 and later are affected. Fixed in 6.18.30, 7.0.7, 7.1-rc1 and their respective stable series.

Affected from
≥ 4.7
Fixed in
✓ 6.18.30 6.18.x ✓ 7.0.7 7.0.x ✓ 7.1-rc1

References

The following references provide additional information about CVE-2026-46175 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Frequently asked questions

  • What is CVE-2026-46175?

    CVE-2026-46175 is a High severity Linux kernel vulnerability with a CVSS score of 7.1 out of 10 . It affects Linux kernel versions from 4.7 onward and has been patched in 6.18.30, 7.0.7 and 7.1-rc1. CVE-2026-46175 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • What is the CVSS score for CVE-2026-46175?

    CVE-2026-46175 has a CVSS score of 7.1 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H .

  • Is there a patch available for CVE-2026-46175?

    Yes — CVE-2026-46175 has been patched. Fixed versions include 6.18.30, 7.0.7 and 7.1-rc1. If you are running Linux kernel 4.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

  • Is CVE-2026-46175 actively exploited?

    No — CVE-2026-46175 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Back to
All CVEs
View on
NVD / NIST