1. Home
  2. Vulnerabilities
  3. CVE-2026-45920
0.0
NA
CVE-2026-45920
ext4: fix dirtyclusters double decrement on fs shutdown
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4_put_super() associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext4_put_super+0x48c/0x590 [ext4] Tracing the failure shows that the warning fires due to an s_dirtyclusters_counter value of -1. IOW, this appears to be a spurious decrement as opposed to some sort of leak. Further tracing of the dirty cluster count deltas and an LLM scan of the resulting output identified the cause as a double decrement in the error path between ext4_mb_mark_diskspace_used() and the caller ext4_mb_new_blocks(). First, note that generic/388 is a shutdown vs. fsstress test and so produces a random set of operations and shutdown injections. In the problematic case, the shutdown triggers an error return from the ext4_handle_dirty_metadata() call(s) made from ext4_mb_mark_context(). The changed value is non-zero at this point, so ext4_mb_mark_diskspace_used() does not exit after the error bubbles up from ext4_mb_mark_context(). Instead, the former decrements both cluster counters and returns the error up to ext4_mb_new_blocks(). The latter falls into the !ar->len out path which decrements the dirty clusters counter a second time, creating the inconsistency. To avoid this problem and simplify ownership of the cluster reservation in this codepath, lift the counter reduction to a single place in the caller. This makes it more clear that ext4_mb_new_blocks() is responsible for acquiring cluster reservation (via ext4_claim_free_clusters()) in the !delalloc case as well as releasing it, regardless of whether it ends up consumed or returned due to failure.

Details
INFO

Published Date :

May 27, 2026, 2:17 p.m.

Last Modified :

May 27, 2026, 2:48 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-45920 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Solution
Address a double decrement issue in ext4 during filesystem shutdown by centralizing counter updates.
  • Update the Linux kernel to resolve the double decrement bug.
  • Ensure filesystem metadata updates are correctly handled.
  • Review ext4 error handling paths for cluster counts.
  • Test filesystem stability after applying kernel updates.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-45920.

URL Resource
https://git.kernel.org/stable/c/3924aea2c33df3864929c1acd178bfc29d8f005f
https://git.kernel.org/stable/c/523d5a4df3c649fa305c89efb552ec62a1ce9d3d
https://git.kernel.org/stable/c/55576fa14771d33994c29a9ae960e07bb3f56c20
https://git.kernel.org/stable/c/61e372122b6d95aec940fdaea0a16f988f359897
https://git.kernel.org/stable/c/81982a11406c5da6c6e2b188028e7056e16b7128
https://git.kernel.org/stable/c/94a8cea54cd935c54fa2fba70354757c0fc245e3
https://git.kernel.org/stable/c/ca408af08544d96769c93a3d81a7f63f61129e95
https://git.kernel.org/stable/c/dbc4e10619ed87a50e637b96f2e574df36a7a769
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-45920 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-45920 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-45920 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-45920 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 27, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4_put_super() associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324 ext4_put_super+0x48c/0x590 [ext4] Tracing the failure shows that the warning fires due to an s_dirtyclusters_counter value of -1. IOW, this appears to be a spurious decrement as opposed to some sort of leak. Further tracing of the dirty cluster count deltas and an LLM scan of the resulting output identified the cause as a double decrement in the error path between ext4_mb_mark_diskspace_used() and the caller ext4_mb_new_blocks(). First, note that generic/388 is a shutdown vs. fsstress test and so produces a random set of operations and shutdown injections. In the problematic case, the shutdown triggers an error return from the ext4_handle_dirty_metadata() call(s) made from ext4_mb_mark_context(). The changed value is non-zero at this point, so ext4_mb_mark_diskspace_used() does not exit after the error bubbles up from ext4_mb_mark_context(). Instead, the former decrements both cluster counters and returns the error up to ext4_mb_new_blocks(). The latter falls into the !ar->len out path which decrements the dirty clusters counter a second time, creating the inconsistency. To avoid this problem and simplify ownership of the cluster reservation in this codepath, lift the counter reduction to a single place in the caller. This makes it more clear that ext4_mb_new_blocks() is responsible for acquiring cluster reservation (via ext4_claim_free_clusters()) in the !delalloc case as well as releasing it, regardless of whether it ends up consumed or returned due to failure.
    Added Reference https://git.kernel.org/stable/c/3924aea2c33df3864929c1acd178bfc29d8f005f
    Added Reference https://git.kernel.org/stable/c/523d5a4df3c649fa305c89efb552ec62a1ce9d3d
    Added Reference https://git.kernel.org/stable/c/55576fa14771d33994c29a9ae960e07bb3f56c20
    Added Reference https://git.kernel.org/stable/c/61e372122b6d95aec940fdaea0a16f988f359897
    Added Reference https://git.kernel.org/stable/c/81982a11406c5da6c6e2b188028e7056e16b7128
    Added Reference https://git.kernel.org/stable/c/94a8cea54cd935c54fa2fba70354757c0fc245e3
    Added Reference https://git.kernel.org/stable/c/ca408af08544d96769c93a3d81a7f63f61129e95
    Added Reference https://git.kernel.org/stable/c/dbc4e10619ed87a50e637b96f2e574df36a7a769
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.