Detections
Analytics

CVE-2026-46107

high

Description

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and then decrement the child's reference count. If the child node is shared (it has reference count > 1), we won't free it, so there would be two pointers to each of the grandchildren nodes. But the reference counts of the grandchildren is not increased, thus the reference count doesn't match the number of pointers that point to the grandchildren. This results in "device mapper: space map common: unable to decrement block" errors. Fix this bug by incrementing reference counts on the grandchildren if the btree node is shared.

References

https://git.kernel.org/stable/c/f49b41c9eb7c6ff00df27cd49cea210abbadd8ad

https://git.kernel.org/stable/c/f06f6aededd792a754cd677c02b3d3016d868c2c

https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044

https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c

https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460

https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad

https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5

Details

Source: Mitre, NVD

Published: 2026-05-28

Updated: 2026-06-01

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018