PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45912 Linux CVE debrief

A vulnerability in the Linux kernel's ext4 filesystem could lead to stale extent entries in the extent status tree during extent splitting operations. When ext4_split_extent_at() splits an unwritten extent, the caching of extents during this process may insert truncated ranges as holes into the extent status tree. These holes are not replaced with correct status after the split completes. If a delayed buffer write is subsequently performed on the affected range, it can re-insert the delayed extent and cause errors in space accounting. The issue also creates conflicts with existing extents when caching, which may trigger warnings in future kernel versions with additional extent caching checks.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-27
Original CVE updated
2026-05-27
Advisory published
2026-05-27
Advisory updated
2026-05-27

Who should care

System administrators managing Linux systems with ext4 filesystems, particularly those handling workloads with direct I/O operations on large files and mixed direct/delayed write patterns. Storage engineers and kernel maintainers responsible for filesystem stability and space accounting integrity. Cloud infrastructure operators providing ext4-based storage services who need to ensure accurate disk space reporting and prevent filesystem corruption.

Technical summary

The vulnerability exists in the ext4 filesystem's extent handling code, specifically in the extent splitting path. When ext4_split_extent_at() is called to split an unwritten extent (commonly triggered by direct I/O writes), the function truncates the existing extent and inserts a new one. During this process, calls to ext4_find_extent() and ext4_cache_extents() may insert the truncated range as a hole into the extent status tree. After the split completes, this hole is not replaced with the correct status. The outer calling functions do not correct this remaining hole. If a delayed buffer write is then performed on the latter part of the split range, it re-inserts the delayed extent and causes space accounting errors. Additionally, if the unwritten extent cache is not shrunk during splitting, ext4_cache_extents() conflicts with existing extents. The fix removes extent caching during the splitting process, as the extent block entries are typically already cached beforehand and caching during split introduces race conditions with stale data.

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patches from the Linux kernel stable tree to address the ext4 extent caching issue
  • Review systems using ext4 filesystems with heavy direct I/O and delayed write workloads for potential space accounting inconsistencies
  • Monitor kernel logs for extent status tree warnings that may indicate this condition
  • Plan kernel updates for affected systems, prioritizing those with ext4 filesystems handling large unwritten extents and mixed I/O patterns

Evidence notes

The vulnerability description is sourced from the official CVE record published by CVE.org and mirrored in the NVD. The fix involves multiple stable kernel commits addressing the extent caching behavior in ext4_split_extent_at() and related functions. The issue specifically affects the interaction between direct I/O writes to unwritten extents and subsequent delayed buffer writes.

Official resources

The vulnerability was disclosed on 2026-05-27. The issue was resolved by modifying the ext4 filesystem code to avoid caching extents during the splitting process, as the corresponding extent block entries are typically already cached before