CVE-2026-46194

NONECVSS 0.0

0.0

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix node_cnt race between extent node destroy and writeback

f2fs_destroy_extent_node() does not set FI_NO_EXTENT before clearing extent nodes. When called from f2fs_drop_inode() with I_SYNC set, concurrent kworker writeback can insert new extent nodes into the same extent tree, racing with the destroy and triggering f2fs_bug_on() in __destroy_extent_node(). The scenario is as follows:

drop inode writeback

iput
f2fs_drop_inode // I_SYNC set
f2fs_destroy_extent_node
__destroy_extent_node
while (node_cnt) {

write_lock(&et->lock) __free_extent_tree write_unlock(&et->lock)

__writeback_single_inode
f2fs_outplace_write_data
f2fs_update_read_extent_cache
__update_extent_tree_range

// FI_NO_EXTENT not set, // insert new extent node } // node_cnt == 0, exit while

f2fs_bug_on(node_cnt) // node_cnt > 0

Additionally, __update_extent_tree_range() only checks FI_NO_EXTENT for EX_READ type, leaving EX_BLOCK_AGE updates completely unprotected.

This patch set FI_NO_EXTENT under et->lock in __destroy_extent_node(), consistent with other callers (__update_extent_tree_range and __drop_extent_tree) and check FI_NO_EXTENT for both EX_READ and EX_BLOCK_AGE tree.

CVSS v3: —
EG Score: 0.0(none)
EPSS: 5.1%
KEV: Not listed

Published

May 28, 2026

Last Modified

May 28, 2026

References (5)

416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0559a0e962aacbb47519e26ee663be04b72dcb92
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/42dd1c91f993431d0b399502479d00e6ad1bca71
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab1eaf9d5c99042f5b0243bf67a06283a4c0757f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b0e4395870eb3441ddc959f6710b5f6ca61aff26
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ed78aeebef05212ef7dca93bd931e4eff67c113f

Vendor Advisories for CVE-2026-46194(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

GHSA-fjrm-vjgq-9rp6
GitHub Security Advisoriesunknown
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race...

Data Freshness Timeline

(refreshed 9× in last 7d / 9× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-05-31 22:30 UTCepss_batch
2026-05-31 22:30 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-31 00:16 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-29 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 13:44 UTCepss_batch
2026-05-28 10:10 UTCEG score recompute

Frequently asked(4)

What is CVE-2026-46194?

CVE-2026-46194 is a none vulnerability published on May 28, 2026. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race between extent node destroy and writeback f2fsdestroyextentnode() does not set FINO_EXTENT before clearing extent nodes. When called from f2fsdropinode() with I_SYNC set, concurrent kworker writeback can…

When was CVE-2026-46194 disclosed?

CVE-2026-46194 was first published in the National Vulnerability Database on May 28, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2026-46194 actively exploited?

CVE-2026-46194 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 5.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.

How do I remediate CVE-2026-46194?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-46194, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-46194

Explore →

Is Your Infrastructure Affected by CVE-2026-46194?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2026-46194

📅 Published

🔄 Last Modified

🔗 References (5)

📣 Vendor Advisories for CVE-2026-46194(1)