PatchSiren


CVE-2026-46100 Linux CVE debrief

A memory leak vulnerability exists in the Linux kernel's AFS (Andrew File System) implementation due to improper use of the .mmap_prepare() callback. The issue was introduced by commit 9d5403b1036c, which converted generic_file_*mmap() users to .mmap_prepare(); the fix is a partial revert of that commit. The core issue is that .mmap_prepare() is invoked at a point where subsequent merge operations or allocation failures may still occur; if such a failure happens after the refcount increment, the reference count is never decremented, resulting in a resource leak. The fix reverts to using .mmap for refcount establishment, ensuring proper cleanup paths are maintained. This is an interim fix pending broader infrastructure changes to support .mmap_prepare() safely in this context.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with AFS (Andrew File System) support enabled, particularly those providing multi-user access to AFS-mounted resources or using AFS in production environments where memory pressure and long-term stability are concerns.

Technical summary

The AFS filesystem in the Linux kernel incorrectly used the .mmap_prepare() callback to establish reference counts during memory mapping operations. Unlike .mmap, which is called after successful VMA (Virtual Memory Area) setup, .mmap_prepare() is invoked earlier in the mmap path where subsequent operations (such as VMA merging or allocation failures) may abort the operation without invoking cleanup paths. This results in leaked reference counts when merge failures or allocation failures occur after .mmap_prepare() has incremented the refcount. The vulnerability is fixed by reverting to the .mmap callback, which ensures refcount operations only occur when the VMA setup is guaranteed to succeed. The fix is described as interim, with future kernel infrastructure planned to properly support .mmap_prepare() in this context.
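
A simplified user-space model of the refcount imbalance described above, added here as an illustration; it is not kernel code or the upstream fix. All names (struct vnode, struct vma, model_mmap, leaked_refs) are hypothetical, and the single injected failure point is an assumption standing in for the merge or allocation failures the advisory mentions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of the hook ordering; all names are hypothetical. */
struct vnode { int refs; };             /* stands in for the per-file mmap refcount */
struct vma   { struct vnode *owner; };  /* set once an installed mapping owns a ref */

enum hook { HOOK_PREPARE, HOOK_MMAP };  /* where the filesystem takes its ref */

/* Cleanup path: only reachable for a VMA that was actually installed. */
static void vma_close(struct vma *m)
{
    if (m->owner) { m->owner->refs--; m->owner = NULL; }
}

/* One mmap attempt; late_failure models a merge or allocation failure that
 * aborts the operation after the prepare step. Returns 0 on success. */
static int model_mmap(struct vnode *v, enum hook where, bool late_failure)
{
    struct vma m = { NULL };

    if (where == HOOK_PREPARE)
        v->refs++;               /* ref taken before any VMA exists */
    if (late_failure)
        return -1;               /* abort: nothing installed, vma_close() never runs */
    if (where == HOOK_MMAP)
        v->refs++;               /* ref taken once setup can no longer abort */
    m.owner = v;                 /* installed VMA now owns the ref */
    vma_close(&m);               /* later unmap drops it */
    return 0;
}

/* Run `attempts` mappings, failing every `fail_every`-th (0 = never fail);
 * returns the refs still held afterwards, i.e. the leak. */
int leaked_refs(enum hook where, int attempts, int fail_every)
{
    struct vnode v = { 0 };
    for (int i = 1; i <= attempts; i++)
        model_mmap(&v, where, fail_every > 0 && i % fail_every == 0);
    return v.refs;
}

int main(void)
{
    printf("ref in prepare step: %d leaked\n", leaked_refs(HOOK_PREPARE, 1000, 10));
    printf("ref in mmap step:    %d leaked\n", leaked_refs(HOOK_MMAP, 1000, 10));
    return 0;
}
```

In the model, each aborted attempt with the reference taken in the prepare step leaves one reference behind, while the later placement stays balanced, which is why repeated failed mappings accumulate into a resource leak.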

Defensive priority

medium

Recommended defensive actions

  • Review kernel version and confirm whether AFS (Andrew File System) is enabled or in use in your environment
  • Apply kernel updates containing the referenced stable commits once available from your distribution
  • Monitor for kernel stable releases incorporating commits 48c7a0eaeea41da17d1d84d2d7a4c40be122b246, f51f85c044809fbd39ac8ae07ac99bc43ce32bd5, or fbfc6578eaca12daa0c09df1e9ba7f2c657b49da
  • If AFS is required, consider temporary workarounds such as limiting AFS mmap operations or monitoring for memory pressure on affected systems
  • Assess whether local user access to AFS-mounted filesystems could trigger repeated mmap operations that would accelerate resource exhaustion

Evidence notes

The vulnerability description indicates this is a partial revert of a previous kernel commit (9d5403b1036c) that introduced unsafe .mmap_prepare() usage in the AFS filesystem. The fix commits (48c7a0eaeea41da17d1d84d2d7a4c40be122b246, f51f85c044809fbd39ac8ae07ac99bc43ce32bd5, fbfc6578eaca12daa0c09df1e9ba7f2c657b49da) restore the previous .mmap-based refcount handling. The issue is classified as resource leak/memory leak rather than memory corruption or code execution.
