CVE-2026-46150

EUVD-2026-32777
In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events

fsnotify_get_mark_safe() may return false for a mark on an unrelated group,
which results in bypassing the permission check.

Fix by skipping over detached marks that are not in the current group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.9-1
fixed
sid
7.0.10-1
fixed
trixie
vulnerable
trixie (security)
6.12.90-2
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900
https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a
https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538
https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f