PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45915 Linux CVE debrief

A vulnerability in the Linux kernel's FAT filesystem implementation could allow corrupted FAT images to trigger a kernel warning or potentially cause undefined behavior. The issue occurs when a directory inode has an incorrect link count (i_nlink) due to filesystem corruption. When rmdir is called on such a directory, the kernel unconditionally decrements the link count, which can drive i_nlink to zero and trigger a WARN_ON assertion in drop_nlink(). The fix adds a sanity check in vfat_rmdir() and msdos_rmdir() to only decrement the parent link count when it is at least 3, otherwise reporting a filesystem error. This prevents the underflow condition and provides proper error handling for corrupted filesystem states.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, embedded device manufacturers using FAT filesystems, security teams monitoring kernel vulnerabilities, and organizations relying on FAT/VFAT/MS-DOS filesystem support in production environments.

Technical summary

The vulnerability exists in the FAT filesystem driver's rmdir implementation. Corrupted FAT images can leave directory inodes with incorrect i_nlink values (e.g., 2 when subdirectories exist). The rmdir operation unconditionally calls drop_nlink(dir), which decrements the link count without bounds checking. This can cause i_nlink to underflow to zero, triggering WARN_ON in drop_nlink(). The fix introduces a sanity check: before decrementing, verify the parent directory's link count is at least 3. If not, report a filesystem error instead of proceeding with the underflow-prone operation. This affects both vfat_rmdir() and msdos_rmdir() code paths.
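The guard described above, as an added user-space model in C (not the kernel patch and not code from this page). The names `model_inode`, `model_drop_nlink`, `rmdir_unchecked`, `rmdir_checked` and `run` are hypothetical; the model assumes a healthy directory's link count is 2 plus its number of subdirectories, and that drop_nlink() warns when called on a zero count and then decrements.

```c
#include <limits.h>
#include <stdio.h>

/* User-space model only: stands in for the parent directory's inode. */
struct model_inode {
    unsigned int i_nlink;   /* healthy directory: 2 + number of subdirectories */
    unsigned int warnings;  /* times the modeled WARN_ON fired */
    unsigned int fs_errors; /* times corruption was reported instead */
};

/* Modeled drop_nlink(): warn if the count is already zero, then decrement. */
static void model_drop_nlink(struct model_inode *dir)
{
    if (dir->i_nlink == 0)
        dir->warnings++;
    dir->i_nlink--;          /* unsigned: wraps to UINT_MAX when it was 0 */
}

/* Behaviour before the fix: the parent count is decremented unconditionally. */
static void rmdir_unchecked(struct model_inode *parent)
{
    model_drop_nlink(parent);
}

/* Behaviour after the fix: decrement only when the parent count is >= 3. */
static int rmdir_checked(struct model_inode *parent)
{
    if (parent->i_nlink >= 3) {
        model_drop_nlink(parent);
        return 1;            /* count was plausible and was decremented */
    }
    parent->fs_errors++;     /* stands in for reporting a filesystem error */
    return 0;
}

/* Remove n subdirectories from a parent whose count claims start_nlink. */
static struct model_inode run(unsigned int start_nlink, int n, int checked)
{
    struct model_inode p = { start_nlink, 0, 0 };
    for (int i = 0; i < n; i++) {
        if (checked) rmdir_checked(&p); else rmdir_unchecked(&p);
    }
    return p;
}

int main(void)
{
    struct model_inode a = run(2, 3, 0), b = run(2, 3, 1);
    printf("unchecked: nlink=%u warnings=%u\n", a.i_nlink, a.warnings);
    printf("checked:   nlink=%u fs_errors=%u\n", b.i_nlink, b.fs_errors);
    return 0;
}
```

The threshold of 3 follows from the counting assumption: a parent that really contains a subdirectory to remove cannot legitimately have a count below 3.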

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available from your Linux distribution
  • Monitor filesystem integrity on systems using FAT/VFAT/MS-DOS filesystems
  • Consider using filesystem integrity checking tools (fsck) before mounting untrusted FAT images
  • Review system logs for FAT filesystem errors that may indicate corruption
  • If running custom kernel builds, cherry-pick the relevant stable commits for your kernel version

Evidence notes

CVE published 2026-05-27. Multiple stable kernel commits are referenced, indicating backports to various kernel versions. No CVSS score or severity had been assigned by NVD at the time of disclosure. Not listed in CISA KEV.
