Skip to main content

Linux Kernel EUVDEUVD-2026-32381

| CVE-2026-45915 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-2qhg-8p2v-wf99
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector and low privileges required to mount and rmdir on FAT filesystem; pure availability impact from kernel WARN_ON with no confidentiality or integrity exposure.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 19:51 vuln.today
CVSS changed
Jun 24, 2026 - 17:38 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

fat: avoid parent link count underflow in rmdir

Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink().

Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.

AnalysisAI

Availability impact in the Linux kernel FAT filesystem driver allows a local low-privileged user to trigger a kernel WARN_ON by mounting and operating on a corrupted FAT image with incorrect directory link counts. Specifically, rmdir unconditionally decrements the parent inode's i_nlink without first verifying it is at least 3, allowing underflow to zero on malformed images. No public exploit has been identified and the EPSS probability is 0.02% (7th percentile), but the kernel WARN_ON can cause a system crash, making the real-world availability impact high on affected systems where users can mount FAT images.

Technical ContextAI

The Linux kernel's FAT filesystem driver (covering both vfat and msdos variants) maintains directory hard-link counts via the VFS inode i_nlink field. By POSIX convention, directories start with link count 2 (for '.' and the parent entry) and gain one count per subdirectory via the '..' entry in each child. The rmdir path in fat/dir.c calls drop_nlink(dir) to decrement the parent's link count when removing a subdirectory, but it does so unconditionally without first validating that the count is ≥ 3. A corrupted FAT on-disk image (e.g., crafted using a hex editor or generated by a faulty implementation) can present a directory inode with i_nlink = 2 even if subdirectories are present. When rmdir is called against such a directory, drop_nlink drives i_nlink to 0, which triggers the WARN_ON assertion inside drop_nlink() at fs/inode.c, potentially causing a kernel oops or panic. Affected CPE: cpe:2.3:o:linux:linux_kernel across all supported stable branches from 2.6.19 onward. CWE classification is absent from the NVD entry, but this is best characterized as an improper input validation / integer underflow in filesystem metadata handling.

RemediationAI

The primary fix is to upgrade the Linux kernel to a patched stable release: 5.10.252 or later in the 5.10.x series, 5.15.202 or later in the 5.15.x series, 6.1.165 or later in the 6.1.x series, 6.6.128 or later in the 6.6.x series, 6.12.75 or later in the 6.12.x series, 6.18.14 or later in the 6.18.x series, 6.19.4 or later in the 6.19.x series, or any 7.0 release. Upstream commits are available at the kernel stable tree references provided in NVD. Distribution-specific updates should be applied via the distro's package manager (e.g., apt upgrade linux-image, dnf update kernel, pacman -Syu). As a compensating control where patching is not immediately possible, restrict unprivileged user ability to mount FAT filesystems by disabling or restricting udisks2 automounting (systemctl mask udisks2), removing SUID/capability bits from mount helpers, or enforcing kernel lockdown mode. Note that restricting FAT mounting may break removable media workflows for desktop users. There is no kernel module unload option for the FAT driver on systems with FAT currently mounted.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-32381 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy