What is GHSA-97pw-xx9j-rg9j?

GHSA-97pw-xx9j-rg9j is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive...

Which CVE IDs does GHSA-97pw-xx9j-rg9j cover?

GHSA-97pw-xx9j-rg9j covers the following CVE IDs: CVE-2026-46150. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-97pw-xx9j-rg9j?

GHSA-97pw-xx9j-rg9j has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-97pw-xx9j-rg9jHighCVSS 7.1

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46150 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

fanotify: fix false positive on permission events

fsnotify_get_mark_safe() may return false for a mark on an unrelated group, which results in bypassing the permission check.

Fix by skipping over detached marks that are not in the current group.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-46150
https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900
https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678
https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a
https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538
https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f
https://github.com/advisories/GHSA-97pw-xx9j-rg9j