{"id":"CVE-2026-46150","summary":"fanotify: fix false positive on permission events","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nfanotify: fix false positive on permission events\n\nfsnotify_get_mark_safe() may return false for a mark on an unrelated group,\nwhich results in bypassing the permission check.\n\nFix by skipping over detached marks that are not in the current group.","modified":"2026-07-09T10:14:37.040475981Z","published":"2026-05-28T09:36:06.494Z","related":["SUSE-SU-2026:22433-1","SUSE-SU-2026:22436-1","SUSE-SU-2026:22458-1","SUSE-SU-2026:22460-1","SUSE-SU-2026:2450-1","SUSE-SU-2026:2630-1","SUSE-SU-2026:2631-1","SUSE-SU-2026:2632-1","SUSE-SU-2026:2638-1","SUSE-SU-2026:2658-1","SUSE-SU-2026:2722-1","SUSE-SU-2026:2799-1","openSUSE-SU-2026:10954-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46150.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/04bb66be92f48ed13c3faf1139d892df228789bc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4a7611ad653785fcdea5ff5f4441e2b7d05b7f11"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678"},{"type":"WEB","url":"https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a24765332e129c1916d5a6615418b75599b8fcdc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46150.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46150"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"abc77577a669f424c5d0c185b9994f2621c52aa4"},{"fixed":"a24765332e129c1916d5a6615418b75599b8fcdc"},{"fixed":"4a7611ad653785fcdea5ff5f4441e2b7d05b7f11"},{"fixed":"04bb66be92f48ed13c3faf1139d892df228789bc"},{"fixed":"895ebbedf88318607c24acc0f591c74b165e1d0a"},{"fixed":"f130790f1acc8399f32652846c875a251efd040f"},{"fixed":"7baa02b0ae9d17ec5f08836d8ea88ce1927d0678"},{"fixed":"b7b24b28c8cd55844cab908f4f39dded638d5538"},{"fixed":"7746e3bd4cc19b5092e00d32d676e329bfcb6900"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46150.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.12.0"},{"fixed":"5.10.258"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.209"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.88"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.30"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}