CVE-2026-46194
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix node_cnt race between extent node destroy and writeback
f2fs_destroy_extent_node() does not set FI_NO_EXTENT before clearing extent nodes. When called from f2fs_drop_inode() with I_SYNC set, concurrent kworker writeback can insert new extent nodes into the same extent tree, racing with the destroy and triggering f2fs_bug_on() in __destroy_extent_node().
The scenario is as follows:
    drop inode                              writeback
     - iput
      - f2fs_drop_inode  // I_SYNC set
       - f2fs_destroy_extent_node
        - __destroy_extent_node
         - while (node_cnt) {
            write_lock(&et->lock)
            __free_extent_tree
            write_unlock(&et->lock)
                                            - __writeback_single_inode
                                             - f2fs_outplace_write_data
                                              - f2fs_update_read_extent_cache
                                               - __update_extent_tree_range
                                                // FI_NO_EXTENT not set,
                                                // insert new extent node
           } // node_cnt == 0, exit while
         - f2fs_bug_on(node_cnt)  // node_cnt > 0
Additionally, __update_extent_tree_range() only checks FI_NO_EXTENT for EX_READ type, leaving EX_BLOCK_AGE updates completely unprotected.
This patch sets FI_NO_EXTENT under et->lock in __destroy_extent_node(), consistent with other callers (__update_extent_tree_range and __drop_extent_tree), and checks FI_NO_EXTENT for both EX_READ and EX_BLOCK_AGE tree.
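A user-space model of the interleaving described above, added here as an illustration and not taken from the kernel patch. The names model_inode, update_extent_tree and destroy_with_racing_writeback are hypothetical, the starting node counts are constructed, and the racing writeback is placed deterministically right after the destroy loop exits.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: names mirror the advisory, this is not kernel code. */
enum extent_type { EX_READ, EX_BLOCK_AGE, NR_EXTENT_TYPES };

struct model_inode {
    bool fi_no_extent;               /* stands in for FI_NO_EXTENT */
    int node_cnt[NR_EXTENT_TYPES];   /* stands in for et->node_cnt, one per tree */
};

/* Writeback side: models __update_extent_tree_range() inserting one node. */
static void update_extent_tree(struct model_inode *in, enum extent_type t,
                               bool check_all_types)
{
    /* et->lock is treated as held for the whole function in this model */
    bool checks_flag = check_all_types || t == EX_READ;
    if (checks_flag && in->fi_no_extent)
        return;                      /* tree is being torn down: do not insert */
    in->node_cnt[t]++;
}

/* Destroy side with writeback scheduled right after the loop exits.
 * Returns the node_cnt that f2fs_bug_on() would then observe. */
int destroy_with_racing_writeback(enum extent_type t, bool set_flag,
                                  bool check_all_types)
{
    struct model_inode in = { false, { 3, 3 } };   /* constructed starting state */

    while (in.node_cnt[t]) {
        /* write_lock(&et->lock) */
        if (set_flag)
            in.fi_no_extent = true;  /* the fix: flag set under et->lock */
        in.node_cnt[t] = 0;          /* __free_extent_tree */
        /* write_unlock(&et->lock) */
    }
    update_extent_tree(&in, t, check_all_types);   /* the racing writeback */
    return in.node_cnt[t];           /* > 0 means f2fs_bug_on() fires */
}

int main(void)
{
    printf("pre-fix, EX_READ:                 %d\n",
           destroy_with_racing_writeback(EX_READ, false, false));
    printf("flag set, EX_BLOCK_AGE unchecked: %d\n",
           destroy_with_racing_writeback(EX_BLOCK_AGE, true, false));
    printf("full fix, EX_BLOCK_AGE:           %d\n",
           destroy_with_racing_writeback(EX_BLOCK_AGE, true, true));
    return 0;
}
```

The middle case shows why setting the flag alone is not enough: with the check limited to EX_READ, the block-age tree still ends with a nonzero node count.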
Affected versions
Linux kernel versions 6.6.66, 6.12.5, 6.13 and later are affected. Fixed in 6.6.140, 6.12.88, 6.18.30, 7.0.7, 7.1-rc1 and their respective stable series.
References
The following references provide additional information about CVE-2026-46194 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/0559a0e962aacbb47519e26ee663be04b72dcb92
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/42dd1c91f993431d0b399502479d00e6ad1bca71
- Patch: Kernel patch commit: https://git.kernel.org/stable/c/ab1eaf9d5c99042f5b0243bf67a06283a4c0757f
Frequently asked questions
- What is CVE-2026-46194?
CVE-2026-46194 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 6.6.66 onward and has been patched in 6.6.140, 6.12.88, 6.18.30 and others. CVE-2026-46194 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
- Is there a patch available for CVE-2026-46194?
Yes — CVE-2026-46194 has been patched. Fixed versions include 6.6.140, 6.12.88, 6.18.30 and others. If you are running Linux kernel 6.6.66 or later up to the fix versions, apply the relevant patch for your kernel branch.
- Is CVE-2026-46194 actively exploited?
No — CVE-2026-46194 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.