PatchSiren cyber security CVE debrief
CVE-2026-45942 Linux CVE debrief
A race condition in the Linux kernel's ext4 filesystem between page migration and bitmap modification can cause bitmap inconsistency reports and potential data corruption. The vulnerability exists in the ext4_mb_load_buddy() fast path, which only increments folio reference counts without acquiring the folio lock, allowing concurrent folio migration to interfere with bitmap operations. The fix modifies load_buddy to check the folio lock status and use the slow path (which acquires the lock) when the folio is locked, closing the concurrency window. This also resolves a false positive corruption error when the DOUBLE_CHECK macro is enabled.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Linux system administrators running ext4 filesystems, particularly those using huge-page workloads or memory-intensive applications; kernel maintainers and distribution security teams responsible for stable kernel updates; and organizations with high-availability storage systems where filesystem integrity is critical.
Technical summary
The ext4 filesystem's multiblock allocator (mballoc) contains a race condition in ext4_mb_load_buddy() where the fast path increments folio reference counts without holding the folio lock. This allows concurrent page migration (which acquires folio_lock) to race with bitmap modification operations. The vulnerability manifests as bitmap inconsistency errors (e.g., 'group 350, 8179 free clusters as per group info. But got 8192 blocks') and can lead to filesystem corruption. The fix adds a folio lock status check to force the slow path when the folio is locked, ensuring proper synchronization. A secondary issue with the DOUBLE_CHECK macro producing false positive corruption reports is also resolved by this change.
Defensive priority
high
Recommended defensive actions
- Apply kernel updates containing the referenced stable commits to affected systems
- Monitor ext4 filesystem logs for bitmap inconsistency reports indicating potential exploitation
- Consider disabling huge-page workloads on critical ext4 filesystems until patched
- Enable filesystem integrity monitoring to detect anomalous bitmap state changes
- Review kernel crash dumps for ext4_mb_complex_scan_group errors with mismatched free cluster counts
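A log check for the bitmap inconsistency message quoted in the technical summary, as an added example that is not part of the original debrief or of the kernel's code. The sample lines are constructed, and the `EXT4-fs error (device ...): function:line:` prefix in them is an assumption about how the message is framed in the kernel log.

```python
import re
from collections import defaultdict

# Message body as quoted on this page. The optional prefix (device, function,
# source line) is an assumed framing of the kernel log line.
PATTERN = re.compile(
    r"(?:EXT4-fs error \(device (?P<dev>[^)]+)\): (?P<func>\w+):\d+: )?"
    r"group (?P<group>\d+), (?P<info>\d+) free clusters as per group info\. "
    r"But got (?P<found>\d+) blocks"
)

def find_bitmap_mismatches(lines):
    """Return one record per log line that reports a free-cluster mismatch."""
    hits = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        info, found = int(m["info"]), int(m["found"])
        hits.append({
            "device": m["dev"] or "unknown",
            "function": m["func"] or "unknown",
            "group": int(m["group"]),
            "info_free": info,      # count recorded in the group info
            "found": found,         # count reported after "But got"
            "delta": found - info,  # size of the disagreement
        })
    return hits

def summarize(hits):
    """Count reports per (device, group) so repeated hits on one group stand out."""
    counts = defaultdict(int)
    for h in hits:
        counts[(h["device"], h["group"])] += 1
    return dict(counts)

# Constructed sample log lines (not captured from a real system).
SAMPLE = [
    "[ 8123.441210] EXT4-fs error (device sdb1): ext4_mb_complex_scan_group:2345: "
    "group 350, 8179 free clusters as per group info. But got 8192 blocks",
    "[ 8123.441215] EXT4-fs (sdb1): mounted filesystem with ordered data mode",
    "[ 8190.000102] EXT4-fs error (device sdb1): ext4_mb_complex_scan_group:2345: "
    "group 350, 8179 free clusters as per group info. But got 8192 blocks",
    "May 27 10:02:11 host kernel: group 12, 100 free clusters as per group info. "
    "But got 64 blocks",
]

if __name__ == "__main__":
    for (dev, group), n in summarize(find_bitmap_mismatches(SAMPLE)).items():
        print(f"{dev} group {group}: {n} mismatch report(s)")
```

Feed it the output of the kernel log source in use on the host; a match identifies an affected device and block group for follow-up with a filesystem check after patching.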
Evidence notes
The vulnerability was resolved in the Linux kernel ext4 subsystem. Multiple stable kernel commits address this issue across supported branches. The race condition was observed during stress tests with mixed huge-page workloads, demonstrating practical exploitability despite the narrow timing window.
Official resources
- CVE-2026-45942 CVE record (CVE.org)
- CVE-2026-45942 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
2026-05-27