PatchSiren

CVE-2026-45920 Linux CVE debrief

This CVE covers a double-decrement bug in the Linux kernel's ext4 filesystem that could cause s_dirtyclusters_counter to underflow to -1 during filesystem shutdown scenarios. It shows up as a WARNING in ext4_put_super() when the dirty clusters counter becomes negative. The root cause is in the error handling of the block allocation path: when ext4_mb_mark_diskspace_used() gets an error from ext4_mb_mark_context() (triggered by filesystem shutdown), it decrements the cluster counters before returning. The caller, ext4_mb_new_blocks(), then decrements the dirty clusters counter again in its !ar->len error path, so the same reservation is released twice. The fix consolidates cluster reservation ownership in ext4_mb_new_blocks(), making it solely responsible for both acquiring and releasing cluster reservations regardless of success or failure. This is a logic error with the potential to produce filesystem inconsistency warnings, not a security vulnerability exploitable for privilege escalation or code execution.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running ext4 filesystems, particularly those in environments with frequent or unplanned shutdowns, and kernel maintainers and distribution packagers responsible for stable kernel updates.

Technical summary

The ext4 filesystem in the Linux kernel contained a double-decrement vulnerability in the dirty clusters counter (s_dirtyclusters_counter) during error handling in the block allocation path. When ext4_mb_new_blocks() calls ext4_mb_mark_diskspace_used(), and a shutdown-triggered error occurs in ext4_mb_mark_context() → ext4_handle_dirty_metadata(), the error path in ext4_mb_mark_diskspace_used() decrements cluster counters before returning. The caller's !ar->len path then decrements dirty clusters again, causing the counter to reach -1. This triggers a WARNING in ext4_put_super() at fs/ext4/super.c:1324. The fix refactors the code to make ext4_mb_new_blocks() solely responsible for cluster reservation lifecycle management, eliminating the duplicate decrement.
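
A simplified userspace model of the accounting described above, added here as an illustration; it is not kernel code or the upstream patch. The *_model names, the callee_releases switch and the generic -1 error value are assumptions, and the success path is modelled with the caller releasing the reservation in both modes.

```c
/* Added example: userspace model of the double decrement, not kernel code. */
#include <stdio.h>

/* Stand-in for the superblock's s_dirtyclusters_counter. */
struct sb_model { long dirtyclusters; };

/* Models ext4_mb_mark_diskspace_used(). On a shutdown-triggered error the
 * pre-fix behaviour (callee_releases = 1) drops the reservation itself. */
static int mark_used_model(struct sb_model *sb, long reserved,
                           int shutdown, int callee_releases)
{
    if (!shutdown)
        return 0;
    if (callee_releases)
        sb->dirtyclusters -= reserved;   /* first decrement (pre-fix only) */
    return -1;                           /* generic error value for the model */
}

/* Models ext4_mb_new_blocks(): acquires the reservation and releases it
 * itself, whether or not the allocation succeeded. Returns the model's ar->len. */
static long new_blocks_model(struct sb_model *sb, long reserved,
                             int shutdown, int callee_releases)
{
    long len = reserved;                 /* stands in for ar->len */

    sb->dirtyclusters += reserved;       /* acquire the reservation */
    if (mark_used_model(sb, reserved, shutdown, callee_releases) != 0)
        len = 0;                         /* the !ar->len error path */
    sb->dirtyclusters -= reserved;       /* caller's release */
    return len;
}

/* Counter value after one allocation attempt on a fresh model superblock. */
long counter_after_alloc(long reserved, int shutdown, int callee_releases)
{
    struct sb_model sb = { 0 };
    (void)new_blocks_model(&sb, reserved, shutdown, callee_releases);
    return sb.dirtyclusters;
}

int main(void)
{
    printf("pre-fix,  shutdown: %ld\n", counter_after_alloc(1, 1, 1));
    printf("post-fix, shutdown: %ld\n", counter_after_alloc(1, 1, 0));
    printf("no shutdown:        %ld\n", counter_after_alloc(1, 0, 0));
    return 0;
}
```

A negative result in the pre-fix case corresponds to the condition that ext4_put_super() warns about at unmount.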

Defensive priority

Low

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available for your distribution
  • Monitor kernel logs for ext4_put_super() warnings indicating dirty cluster counter underflow on affected systems
  • Consider running fstests generic/388 to verify fix effectiveness in test environments
  • Review filesystem health after unexpected shutdowns on unpatched systems using e2fsck
  • No immediate emergency patching required; this is a correctness fix for filesystem metadata accounting

Evidence notes

The vulnerability description is sourced from the official CVE record published 2026-05-27. Multiple kernel.org stable tree commits are referenced, indicating backports to various stable kernel branches. The issue was identified through fstests generic/388, a shutdown vs. fsstress test. No CVSS score has been assigned as of the modified date (2026-05-27T14:48:03.013Z). The vendor is identified as the Linux Kernel project based on reference domain analysis with low confidence, requiring review.
