CVE-2026-46052 Linux CVE debrief

Who should care

Linux kernel maintainers; organizations running Ceph storage clusters; security teams monitoring for kernel RCU stall anomalies; distribution vendors packaging kernel updates

Technical summary

The Ceph filesystem client in the Linux kernel incorrectly assumes that negative dentries are always unhashed when calling d_add(dentry, NULL). Two code paths—ceph_finish_lookup() on MDS ENOENT replies and ceph_lookup() on local fast-path ENOENT—can re-add already-hashed negative dentries. This triggers __d_rehash() to insert the same hlist_bl node twice, corrupting the bucket structure and creating self-loops. The corruption manifests as infinite loops in __d_lookup(), detected as RCU scheduler stalls. The fix adds d_unhashed() guards before d_add() calls, preserving existing behavior for unhashed dentries while preventing corruption of reused hashed negatives.

Defensive priority

high

Recommended defensive actions

• Apply kernel patches from stable branches when available
• Monitor NVD for CVSS assignment
• Prioritize patching systems with Ceph filesystem mounts
• Watch for kernel vendor security advisories (Red Hat, SUSE, Ubuntu, Debian)
• Review systems for RCU stall warnings in dmesg/logs as potential exploitation indicator

Evidence notes

CVE published 2026-05-27T14:17:24.807Z; modified 2026-05-27T14:48:03.013Z. Five kernel.org stable branch commits provided as references. No CVSS score assigned; NVD status 'Awaiting Analysis'.

Official resources