CVE-2026-46160

EUVD-2026-32787
In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix missing last_unlink_trans update when removing a directory

When removing a directory we are not updating its last_unlink_trans field,
which can result in incorrect fsync behaviour in case some one fsyncs the
directory after it was removed because it's holding a file descriptor on
it.

Example scenario:

   mkdir /mnt/dir1
   mkdir /mnt/dir1/dir2
   mkdir /mnt/dir3

   sync -f /mnt

   # Do some change to the directory and fsync it.
   chmod 700 /mnt/dir1
   xfs_io -c fsync /mnt/dir1

   # Move dir2 out of dir1 so that dir1 becomes empty.
   mv /mnt/dir1/dir2 /mnt/dir3/

   open fd on /mnt/dir1
   call rmdir(2) on path "/mnt/dir1"
   fsync fd

   <trigger power failure>

When attempting to mount the filesystem, the log replay will fail with
an -EIO error and dmesg/syslog has the following:

   [445771.626482] BTRFS info (device dm-0): first mount of filesystem 0368bbea-6c5e-44b5-b409-09abe496e650
   [445771.626486] BTRFS info (device dm-0): using crc32c checksum algorithm
   [445771.627912] BTRFS info (device dm-0): start tree-log replay
   [445771.628335] page: refcount:2 mapcount:0 mapping:0000000061443ddc index:0x1d00 pfn:0x7072a5
   [445771.629453] memcg:ffff89f400351b00
   [445771.629892] aops:btree_aops [btrfs] ino:1
   [445771.630737] flags: 0x17fffc00000402a(uptodate|lru|private|writeback|node=0|zone=2|lastcpupid=0x1ffff)
   [445771.632359] raw: 017fffc00000402a fffff47284d950c8 fffff472907b7c08 ffff89f458e412b8
   [445771.633713] raw: 0000000000001d00 ffff89f6c51d1a90 00000002ffffffff ffff89f400351b00
   [445771.635029] page dumped because: eb page dump
   [445771.635825] BTRFS critical (device dm-0): corrupt leaf: root=5 block=30408704 slot=10 ino=258, invalid nlink: has 2 expect no more than 1 for dir
   [445771.638088] BTRFS info (device dm-0): leaf 30408704 gen 10 total ptrs 17 free space 14878 owner 5
   [445771.638091] BTRFS info (device dm-0): refs 4 lock_owner 0 current 3581087
   [445771.638094] 	item 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160
   [445771.638097] 		inode generation 3 transid 9 size 16 nbytes 16384
   [445771.638098] 		block group 0 mode 40755 links 1 uid 0 gid 0
   [445771.638100] 		rdev 0 sequence 2 flags 0x0
   [445771.638102] 		atime 1775744884.0
   [445771.660056] 		ctime 1775744885.645502983
   [445771.660058] 		mtime 1775744885.645502983
   [445771.660060] 		otime 1775744884.0
   [445771.660062] 	item 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12
   [445771.660064] 		index 0 name_len 2
   [445771.660066] 	item 2 key (256 DIR_ITEM 1843588421) itemoff 16077 itemsize 34
   [445771.660068] 		location key (259 1 0) type 2
   [445771.660070] 		transid 9 data_len 0 name_len 4
   [445771.660075] 	item 3 key (256 DIR_ITEM 2363071922) itemoff 16043 itemsize 34
   [445771.660076] 		location key (257 1 0) type 2
   [445771.660077] 		transid 9 data_len 0 name_len 4
   [445771.660078] 	item 4 key (256 DIR_INDEX 2) itemoff 16009 itemsize 34
   [445771.660079] 		location key (257 1 0) type 2
   [445771.660080] 		transid 9 data_len 0 name_len 4
   [445771.660081] 	item 5 key (256 DIR_INDEX 3) itemoff 15975 itemsize 34
   [445771.660082] 		location key (259 1 0) type 2
   [445771.660083] 		transid 9 data_len 0 name_len 4
   [445771.660084] 	item 6 key (257 INODE_ITEM 0) itemoff 15815 itemsize 160
   [445771.660086] 		inode generation 9 transid 9 size 8 nbytes 0
   [445771.660087] 		block group 0 mode 40777 links 1 uid 0 gid 0
   [445771.660088] 		rdev 0 sequence 2 flags 0x0
   [445771.660089] 		atime 1775744885.641174097
   [445771.660090] 		ctime 1775744885.645502983
   [445771.660091] 		mtime 1775744885.645502983
   [445771.660105] 		otime 1775744885.641174097
   [445771.660106] 	item 7 key (257 INODE_REF 256) itemoff 15801 itemsize 14
   [445771.660107] 		index 2 name_len 4
   [445771.660108] 	item 8 key (257 DIR_ITEM 2676584006) itemoff 15767 itemsize 34
   [445771.660109] 		location key (2
---truncated---
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
2.6.30 ≤
𝑥
< 6.6.141
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.91
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.30
linuxlinux_kernel
6.19 ≤
𝑥
< 7.0.7
linuxlinux_kernel
7.1:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.176-1
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.259-1
fixed
forky
7.1.3-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.94-1
fixed
trixie (security)
6.12.95-1
fixed
linux-6.1
bullseye (security)
6.1.176-1~deb11u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
cluster-md-kmp-default
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
dlm-kmp-default
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
gfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
kernel-64kb
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1
fixed
kernel-default
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1
fixed
kernel-default-base
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1.150700.17.37.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1.150700.17.37.1
fixed
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1.150700.17.37.1
fixed
kernel-default-man
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
kernel-obs-build
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1
fixed
kernel-source
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1
fixed
kernel-zfcpdump
suse enterprise desktop 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise sap 15 SP7
6.4.0-150700.53.63.1
fixed
suse enterprise server 15 SP7
6.4.0-150700.53.63.1
fixed
ocfs2-kmp-default
suse enterprise server 12 SP5
4.12.14-122.317.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
bpftool-debuginfo
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
bpftool6.12
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
bpftool6.12-debuginfo
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
bpftool6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-debuginfo
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-debuginfo-common-aarch64
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-debuginfo-common-x86_64
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-devel
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-headers
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-livepatch-6.1.176-220.358
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.12.92-122.166
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-livepatch-6.18.30-61.116
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel-modules-extra
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-modules-extra-common
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-tools
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-tools-debuginfo
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel-tools-devel
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
kernel6.12
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-debuginfo
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-debuginfo-common-aarch64
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-debuginfo-common-x86_64
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-devel
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-headers
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-modules-extra
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-modules-extra-common
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-tools
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-tools-debuginfo
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.12-tools-devel
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
perf
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
perf-debuginfo
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
perf6.12
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
perf6.12-debuginfo
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
python3-perf
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
python3-perf-debuginfo
Amazon Linux 2023
1:6.1.176-220.358.amzn2023
fixed
python3-perf6.12
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
python3-perf6.12-debuginfo
Amazon Linux 2023
1:6.12.92-122.166.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.30-61.116.amzn2023
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.141.1-1.azl3
fixed