Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-46080— ocfs2: split transactions in dio completion to avoid credit exhaustion

AI Predicted 3.3 Difficulty: Moderate EPSS 0.03% · P10

Affected Version Matrix 18

VendorProductVersion RangeStatus
LinuxLinuxc15471f79506830f80eca0e7fe09b8213953ab5f< 97c03c0e9f73a5049794b3c69ee60fb5e8b0ebd8affected
c15471f79506830f80eca0e7fe09b8213953ab5f< 1e99bb19994246514d63e656492904176f9d5eddaffected
c15471f79506830f80eca0e7fe09b8213953ab5f< 91e05ac2336d00d5b99fc774be4bd50039084796affected
c15471f79506830f80eca0e7fe09b8213953ab5f< 886f97fa59d0bbfa9859fb1a66dd9e014b522d89affected
c15471f79506830f80eca0e7fe09b8213953ab5f< ea5bb1d20da756e4f41a48dad42b2e7d6e73f71eaffected
c15471f79506830f80eca0e7fe09b8213953ab5f< 3c636a3edca9c3f180b3079f94fe7e115730d9c6affected
c15471f79506830f80eca0e7fe09b8213953ab5f< 069c3fb310e9336cf48cfdf8748a32c29fd0193daffected
c15471f79506830f80eca0e7fe09b8213953ab5f< d647c5b2fbf81560818dacade360abc8c00a9665affected
… +10 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-46080

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ocfs2: split transactions in dio completion to avoid credit exhaustion
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via following call trace: ocfs2_dio_end_io_write ocfs2_mark_extent_written ocfs2_change_extent_flag ocfs2_split_extent ocfs2_try_to_merge_extent ocfs2_extend_rotate_transaction ocfs2_extend_trans jbd2__journal_restart start_this_handle output: JBD2: kworker/6:2 wants too many credits credits:5450 rsv_credits:0 max:5449 To prevent exceeding the credits limit, modify ocfs2_dio_end_io_write() to handle extents in a batch of transaction. Additionally, relocate ocfs2_del_inode_from_orphan(). The orphan inode should only be removed from the orphan list after the extent tree update is complete. This ensures that if a crash occurs in the middle of extent tree updates, we won't leave stale blocks beyond EOF. This patch also changes the logic for updating the inode size and removing orphan, making it similar to ext4_dio_write_end_io(). Both operations are performed only when everything looks good. Finally, thanks to Jans and Joseph for providing the bug fix prototype and suggestions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ocfs2中直接I/O完成时事务拆分不当可能导致信用耗尽。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux c15471f79506830f80eca0e7fe09b8213953ab5f ~ 97c03c0e9f73a5049794b3c69ee60fb5e8b0ebd8 -
LinuxLinux 4.6 -

II. Public POCs for CVE-2026-46080

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-46080

登录查看更多情报信息。

Patches & Fixes for CVE-2026-46080 (7)

Other References for CVE-2026-46080 (1)

Same Patch Batch · Linux · 2026-05-27 · 276 CVEs total

CVE-2026-458989.8 CRITICALRDMA/iwcm: Fix workqueue list corruption by removing work_list
CVE-2026-459729.8 CRITICALsmb: client: fix potential UAF and double free in smb2_open_file()
CVE-2026-460399.8 CRITICALrxgk: Fix potential integer overflow in length check
CVE-2026-459889.8 CRITICALrxrpc: Fix re-decryption of RESPONSE packets
CVE-2026-460439.1 CRITICALRDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
CVE-2026-460568.8 HIGHBluetooth: hci_event: fix potential UAF in SSP passkey handlers
CVE-2026-459458.8 HIGHiommu/vt-d: Fix race condition during PASID entry replacement
CVE-2026-460378.2 HIGHipv4: icmp: validate reply type before using icmp_pointers
CVE-2026-458438.2 HIGHslip: bound decode() reads against the compressed packet length
CVE-2026-460108.1 HIGHrxrpc: Fix error handling in rxgk_extract_token()
CVE-2026-460998.1 HIGHnet: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
CVE-2026-460767.9 HIGHKVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1
CVE-2026-459427.8 HIGHext4: fix e4b bitmap inconsistency reports
CVE-2026-459707.8 HIGHbonding: alb: fix UAF in rlb_arp_recv during bond up/down
CVE-2026-459807.8 HIGHaccel/amdxdna: Stop job scheduling across aie2_release_resource()
CVE-2026-459517.8 HIGHbpf: Fix a potential use-after-free of BTF object
CVE-2026-458527.8 HIGHRDMA/rxe: Fix double free in rxe_srq_from_init
CVE-2026-460367.8 HIGHvfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex
CVE-2026-459317.8 HIGHaccel/amdxdna: Hold mm structure across iommu_sva_unbind_device()
CVE-2026-460657.8 HIGHfbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

Showing top 20 of 276 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-46080

No comments yet

Leave a comment