{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45899", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.083Z", "datePublished": "2026-05-27T12:17:08.447Z", "dateUpdated": "2026-05-27T12:17:08.447Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:17:08.447Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache when splitting extent fails\n\nWhen the split extent fails, we might leave some extents still being\nprocessed and return an error directly, which will result in stale\nextent entries remaining in the extent status tree. So drop all of the\nremaining potentially stale extents if the splitting fails."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/extents.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6e54f8dfee359bbd58086c883ea8cffd5312999d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "337506dc652383c80839edb8d8dcdd8ff2129b4f", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "dc7c9b9d03a59a7fe483574531327e650a4b4adc", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "120c6bd7ca9d3e80a968b758cbb3fbd67570f132", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "808f3191498f300174523c54cab101e18795ae4e", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "31bf37cf53ede8145e2bc62da803d4506da92975", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "79b592e8f1b435796cbc2722190368e3e8ffd7a1", "status": "affected", "versionType": "git"}, {"version": "0", "lessThan": "5.10.253", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "5.15.203", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.6.130", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.12.75", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.18.14", "status": "affected", "versionType": "semver"}, {"version": "0", "lessThan": "6.19.4", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ext4/extents.c"], "versions": [{"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.14", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.18.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6e54f8dfee359bbd58086c883ea8cffd5312999d"}, {"url": "https://git.kernel.org/stable/c/337506dc652383c80839edb8d8dcdd8ff2129b4f"}, {"url": "https://git.kernel.org/stable/c/dc7c9b9d03a59a7fe483574531327e650a4b4adc"}, {"url": "https://git.kernel.org/stable/c/120c6bd7ca9d3e80a968b758cbb3fbd67570f132"}, {"url": "https://git.kernel.org/stable/c/808f3191498f300174523c54cab101e18795ae4e"}, {"url": "https://git.kernel.org/stable/c/31bf37cf53ede8145e2bc62da803d4506da92975"}, {"url": "https://git.kernel.org/stable/c/79b592e8f1b435796cbc2722190368e3e8ffd7a1"}], "title": "ext4: drop extent cache when splitting extent fails", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: drop extent cache when splitting extent fails\n\nWhen the split extent fails, we might leave some extents still being\nprocessed and return an error directly, which will result in stale\nextent entries remaining in the extent status tree. So drop all of the\nremaining potentially stale extents if the splitting fails."}], "id": "CVE-2026-45899", "lastModified": "2026-05-27T14:48:31.480", "metrics": {}, "published": "2026-05-27T14:17:04.227", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/120c6bd7ca9d3e80a968b758cbb3fbd67570f132"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/31bf37cf53ede8145e2bc62da803d4506da92975"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/337506dc652383c80839edb8d8dcdd8ff2129b4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6e54f8dfee359bbd58086c883ea8cffd5312999d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/79b592e8f1b435796cbc2722190368e3e8ffd7a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/808f3191498f300174523c54cab101e18795ae4e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dc7c9b9d03a59a7fe483574531327e650a4b4adc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: ext4: drop extent cache when splitting extent fails", "id": "2482048", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482048"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data integrity issues or potential system instability."], "name": "CVE-2026-45899", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-45899\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45899\nhttps://lore.kernel.org/linux-cve-announce/2026052719-CVE-2026-45899-a56d@gregkh/T"], "threat_severity": "Moderate"}