CVE-2026-46107

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

dm-thin: fix metadata refcount underflow

There's a bug in dm-thin in the function rebalance_children. If the
internal btree node has one entry, the code tries to copy all btree
entries from the node's child to the node itself and then decrement the
child's reference count.

If the child node is shared (it has reference count > 1), we won't free
it, so there would be two pointers to each of the grandchildren nodes.
But the reference counts of the grandchildren is not increased, thus the
reference count doesn't match the number of pointers that point to the
grandchildren. This results in 'device mapper: space map common: unable
to decrement block' errors.

Fix this bug by incrementing reference counts on the grandchildren if the
btree node is shared.

https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d37…

https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5

https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc…

https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad

https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca…

https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460

https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e99…

https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c

https://git.kernel.org/stable/c/85311a585a26640760cd0f3349a…

https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044

CVE-2026-46107

Description

Iscriviti alla newsletter