目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1310 CNY

100%
コーヒーを一杯おごる

CVE-2026-45985— Linux kernel 安全漏洞

AI Predicted 5.5 Difficulty: Moderate EPSS 0.02% · P7

Possible ATT&CK Techniques 1AI

T1564 · Hide Artifacts

Affected Version Matrix 16

ベンダープロダクトVersion Rangeステータス
LinuxLinuxb8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 77e407967cd872cd75d7e4a691908e49c8e6b4d4affected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 37555690f39f78ef69af347d9aff897e07445949affected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 67cdb7bd7442bd3cdc6d6088bbb2df9be2fe936caffected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 2920ec61c98b9476781359f05b94da84e80f54d4affected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 2698731d25823267c29190cb578da9296a0c0d7baffected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< 716e7439a5a9b18c3ff882c2f8c834b9ced1aaecaffected
b8a8684502a0fc852afa0056c6bb2a9273f6fcc0< feaf2a80e78f89ee8a3464126077ba8683b62791affected
3.15affected
… +8 more rows
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-45985の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O When allocating blocks during within-EOF DIO and writeback with dioread_nolock enabled, EXT4_GET_BLOCKS_PRE_IO was set to split an existing large unwritten extent. However, EXT4_GET_BLOCKS_CONVERT was set when calling ext4_split_convert_extents(), which may potentially result in stale data issues. Assume we have an unwritten extent, and then DIO writes the second half. [UUUUUUUUUUUUUUUU] on-disk extent U: unwritten extent [UUUUUUUUUUUUUUUU] extent status tree |<- ->| ----> dio write this range First, ext4_iomap_alloc() call ext4_map_blocks() with EXT4_GET_BLOCKS_PRE_IO, EXT4_GET_BLOCKS_UNWRIT_EXT and EXT4_GET_BLOCKS_CREATE flags set. ext4_map_blocks() find this extent and call ext4_split_convert_extents() with EXT4_GET_BLOCKS_CONVERT and the above flags set. Then, ext4_split_convert_extents() calls ext4_split_extent() with EXT4_EXT_MAY_ZEROOUT, EXT4_EXT_MARK_UNWRIT2 and EXT4_EXT_DATA_VALID2 flags set, and it calls ext4_split_extent_at() to split the second half with EXT4_EXT_DATA_VALID2, EXT4_EXT_MARK_UNWRIT1, EXT4_EXT_MAY_ZEROOUT and EXT4_EXT_MARK_UNWRIT2 flags set. However, ext4_split_extent_at() failed to insert extent since a temporary lack -ENOSPC. It zeroes out the first half but convert the entire on-disk extent to written since the EXT4_EXT_DATA_VALID2 flag set, but left the second half as unwritten in the extent status tree. [0000000000SSSSSS] data S: stale data, 0: zeroed [WWWWWWWWWWWWWWWW] on-disk extent W: written extent [WWWWWWWWWWUUUUUU] extent status tree Finally, if the DIO failed to write data to the disk, the stale data in the second half will be exposed once the cached extent entry is gone. Fix this issue by not passing EXT4_GET_BLOCKS_CONVERT when splitting an unwritten extent before submitting I/O, and make ext4_split_convert_extents() to zero out the entire extent range to zero for this case, and also mark the extent in the extent status tree for consistency.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ext4在分割未写入范围时错误设置EXT4_GET_BLOCKS_CONVERT标志,可能导致数据陈旧问题。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux b8a8684502a0fc852afa0056c6bb2a9273f6fcc0 ~ 77e407967cd872cd75d7e4a691908e49c8e6b4d4 -
LinuxLinux 3.15 -

II. CVE-2026-45985の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-45985のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-45985 补丁与修复 (7)

Same Patch Batch · Linux · 2026-05-27 · 276 CVEs total

CVE-2026-460399.8 CRITICALrxgk: Fix potential integer overflow in length check
CVE-2026-458989.8 CRITICALRDMA/iwcm: Fix workqueue list corruption by removing work_list
CVE-2026-459889.8 CRITICALrxrpc: Fix re-decryption of RESPONSE packets
CVE-2026-459729.8 CRITICALsmb: client: fix potential UAF and double free in smb2_open_file()
CVE-2026-460439.1 CRITICALRDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
CVE-2026-460568.8 HIGHBluetooth: hci_event: fix potential UAF in SSP passkey handlers
CVE-2026-459458.8 HIGHiommu/vt-d: Fix race condition during PASID entry replacement
CVE-2026-458438.2 HIGHslip: bound decode() reads against the compressed packet length
CVE-2026-460378.2 HIGHipv4: icmp: validate reply type before using icmp_pointers
CVE-2026-460108.1 HIGHrxrpc: Fix error handling in rxgk_extract_token()
CVE-2026-460998.1 HIGHnet: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
CVE-2026-460767.9 HIGHKVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
CVE-2026-458947.8 HIGHiommu/vt-d: Clear Present bit before tearing down PASID entry
CVE-2026-459597.8 HIGHcrypto: ccp - Fix a crash due to incorrect cleanup usage of kfree
CVE-2026-460117.8 HIGHmedia: mtk-jpeg: fix use-after-free in release path due to uncancelled work
CVE-2026-460157.8 HIGHtcp: call sk_data_ready() after listener migration
CVE-2026-458527.8 HIGHRDMA/rxe: Fix double free in rxe_srq_from_init
CVE-2026-460587.8 HIGHmedia: amphion: Fix race between m2m job_abort and device_run
CVE-2026-458617.8 HIGHgfs2: Fix slab-use-after-free in qd_put
CVE-2026-460537.8 HIGHnet: rds: fix MR cleanup on copy error

Showing 20 of 276 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Linux
同じベンダー: Linux

V. CVE-2026-45985へのコメント

まだコメントはありません

コメントを残す