CVE-2026-46299— Linux kernel 安全漏洞

CVSS 7.0 · High EPSS 0.11% · P2 更新于 2026-06-19

可能的 ATT&CK 技术 1AI

T1499.003 · Application Exhaustion Flood

影响版本矩阵 18

厂商	产品	版本范围	状态
Linux	Linux	`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< e890656accee4c26d932ea388eb8936a6e22184d`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< 6499c9c8ec437a369e7e221dad91f6122b50759d`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< c554ddc87af4d4e4be42f8aed1baec9e1c7588e0`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< 3ca80e3012c8be85b4f8d0d20eac8d3b17ff257e`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< 041acda6d9f96006703466449c10c9a69590c8b9`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< d309d3308de658d87c42d97e044c89a226327526`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< bfbcce6a7b0552a390620d9b2c4d2bcb1825cbdc`	affected
		`89ac9b4d3d1a049ae1054f99b1aed81092cd0a82< 90c500e4fd83fa33c09bc7ee23b6d9cc487ac733`	affected
… +10 条更多

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2026-46299 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

hfsplus: fix held lock freed on hfsplus_fill_super()

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to initialize a search structure, which acquires tree->tree_lock. If the subsequent call to hfsplus_cat_build_key() fails, the function jumps to the out_put_root error label without releasing the lock. The later cleanup path then frees the tree data structure with the lock still held, triggering a held lock freed warning. Fix this by adding the missing hfs_find_exit(&fd) call before jumping to the out_put_root error label. This ensures that tree->tree_lock is properly released on the error path. The bug was originally detected on v6.13-rc1 using an experimental static analysis tool we are developing, and we have verified that the issue persists in the latest mainline kernel. The tool is specifically designed to detect memory management issues. It is currently under active development and not yet publicly available. We confirmed the bug by runtime testing under QEMU with x86_64 defconfig, lockdep enabled, and CONFIG_HFSPLUS_FS=y. To trigger the error path, we used GDB to dynamically shrink the max_unistr_len parameter to 1 before hfsplus_asc2uni() is called. This forces hfsplus_asc2uni() to naturally return -ENAMETOOLONG, which propagates to hfsplus_cat_build_key() and exercises the faulty error path. The following warning was observed during mount: ========================= WARNING: held lock freed! 7.0.0-rc3-00016-gb4f0dd314b39 #4 Not tainted ------------------------- mount/174 is freeing memory ffff888103f92000-ffff888103f92fff, with a lock still held there! ffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0 2 locks held by mount/174: #0: ffff888103f960e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super.constprop.0+0x167/0xa40 #1: ffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0 stack backtrace: CPU: 2 UID: 0 PID: 174 Comm: mount Not tainted 7.0.0-rc3-00016-gb4f0dd314b39 #4 PREEMPT(lazy) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x82/0xd0 debug_check_no_locks_freed+0x13a/0x180 kfree+0x16b/0x510 ? hfsplus_fill_super+0xcb4/0x18a0 hfsplus_fill_super+0xcb4/0x18a0 ? __pfx_hfsplus_fill_super+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? bdev_open+0x65f/0xc30 ? srso_return_thunk+0x5/0x5f ? pointer+0x4ce/0xbf0 ? trace_contention_end+0x11c/0x150 ? __pfx_pointer+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? bdev_open+0x79b/0xc30 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? vsnprintf+0x6da/0x1270 ? srso_return_thunk+0x5/0x5f ? __mutex_unlock_slowpath+0x157/0x740 ? __pfx_vsnprintf+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? mark_held_locks+0x49/0x80 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? irqentry_exit+0x17b/0x5e0 ? trace_irq_disable.constprop.0+0x116/0x150 ? __pfx_hfsplus_fill_super+0x10/0x10 ? __pfx_hfsplus_fill_super+0x10/0x10 get_tree_bdev_flags+0x302/0x580 ? __pfx_get_tree_bdev_flags+0x10/0x10 ? vfs_parse_fs_qstr+0x129/0x1a0 ? __pfx_vfs_parse_fs_qstr+0x3/0x10 vfs_get_tree+0x89/0x320 fc_mount+0x10/0x1d0 path_mount+0x5c5/0x21c0 ? __pfx_path_mount+0x10/0x10 ? trace_irq_enable.constprop.0+0x116/0x150 ? trace_irq_enable.constprop.0+0x116/0x150 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? kmem_cache_free+0x307/0x540 ? user_path_at+0x51/0x60 ? __x64_sys_mount+0x212/0x280 ? srso_return_thunk+0x5/0x5f __x64_sys_mount+0x212/0x280 ? __pfx___x64_sys_mount+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? trace_irq_enable.constprop.0+0x116/0x150 ? srso_return_thunk+0x5/0x5f do_syscall_64+0x111/0x680 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ffacad55eae Code: 48 8b 0d 85 1f 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 8 RSP: 002b ---truncated---

来源: 美国国家漏洞数据库 NVD

CVSS Information

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Linux kernel 安全漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞，该漏洞源于hfsplus_fill_super函数中锁释放不当，可能导致释放已持有的锁。以下版本受到影响：6.13-rc1版本。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
Linux	Linux	89ac9b4d3d1a049ae1054f99b1aed81092cd0a82 ~ e890656accee4c26d932ea388eb8936a6e22184d	-
Linux	Linux	3.19	-

二、漏洞 CVE-2026-46299 的公开POC

#	POC 描述	源链接	神龙链接

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2026-46299 的情报信息

请登录查看更多情报信息。

CVE-2026-46299 补丁与修复 (8)

https://nvd.nist.gov/vuln/detail/CVE-2026-46299

同批安全公告 · Linux · 2026-06-08 · 共 41 条

CVE-2026-46289	9.8 CRITICAL	Linux kernel 安全漏洞
CVE-2026-46288	8.4 HIGH	Linux kernel 安全漏洞
CVE-2026-46307	8.3 HIGH	Linux kernel 安全漏洞
CVE-2026-46303	8.2 HIGH	Linux kernel 安全漏洞
CVE-2026-46275	7.8 HIGH	Linux kernel 安全漏洞
CVE-2026-46277	7.8 HIGH	Linux kernel 安全漏洞
CVE-2026-46311	7.8 HIGH	Linux kernel 安全漏洞
CVE-2026-46274	7.8 HIGH	Linux kernel 安全漏洞
CVE-2026-46280	7.8 HIGH	Linux kernel 安全漏洞
CVE-2026-46306	7.5 HIGH	Linux kernel 安全漏洞
CVE-2026-46304	7.5 HIGH	Linux kernel 安全漏洞
CVE-2025-71315		Linux kernel 安全漏洞
CVE-2026-46287		Linux kernel 安全漏洞
CVE-2026-46286		Linux kernel 安全漏洞
CVE-2026-46285		Linux kernel 安全漏洞
CVE-2026-46284		Linux kernel 安全漏洞
CVE-2026-46283		Linux kernel 安全漏洞
CVE-2026-46282		Linux kernel 安全漏洞
CVE-2026-46281		Linux kernel 安全漏洞
CVE-2026-46279		Linux kernel 安全漏洞

显示前 20 条，共 41 条。查看全部 → →

IV. Related Vulnerabilities

Same product: Linux

Same vendor: Linux

V. Comments for CVE-2026-46299

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2026-46299— Linux kernel 安全漏洞

可能的 ATT&CK 技术 1AI

影响版本矩阵 18

一、漏洞 CVE-2026-46299 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2026-46299 的公开POC

三、漏洞 CVE-2026-46299 的情报信息

CVE-2026-46299 补丁与修复 (8)

同批安全公告 · Linux · 2026-06-08 · 共 41 条

IV. Related Vulnerabilities

V. Comments for CVE-2026-46299

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2026-46299— Linux kernel 安全漏洞

可能的 ATT&CK 技术 1AI

影响版本矩阵 18

一、 漏洞 CVE-2026-46299 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2026-46299 的公开POC

三、漏洞 CVE-2026-46299 的情报信息

CVE-2026-46299 补丁与修复 (8)

同批安全公告 · Linux · 2026-06-08 · 共 41 条

IV. Related Vulnerabilities

V. Comments for CVE-2026-46299

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2026-46299 基础信息