{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46054", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.094Z", "datePublished": "2026-05-27T12:57:12.813Z", "dateUpdated": "2026-06-30T12:10:13.939Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-14T17:51:00.698Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file). Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "versions": [{"version": "2f502839e85ab265f03f25f30d6463154aee5473", "lessThan": "cd0e707a927a70cdfd8bc5a512a9719a87f5ed51", "status": "affected", "versionType": "git"}, {"version": "2f502839e85ab265f03f25f30d6463154aee5473", "lessThan": "82544d36b1729153c8aeb179e84750f0c085d3b1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "versions": [{"version": "4.19", "status": "affected"}, {"version": "0", "lessThan": "4.19", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51"}, {"url": "https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1"}], "title": "selinux: fix overlayfs mmap() and mprotect() access checks", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux AppStream (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux BaseOS (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::crb"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CRB (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::crb"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux NFV (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::nfv"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10.2"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time (v. 10)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux RT (v. 8)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::realtime"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux Real Time (v. 9)", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "unknown", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat"}], "datePublic": "2026-05-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for `mmap()` and `mprotect()` operations. This oversight could allow a local attacker to bypass intended security policies, potentially leading to unauthorized access to files within an overlayfs filesystem. The vulnerability is resolved by enhancing backing file enforcement for `mmap()` and leveraging new LSM (Linux Security Module) capabilities for `mprotect()` access controls."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-280", "description": "Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-46054"}, {"name": "RHBZ#2482025", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482025"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46054.json"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:25191"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:30848"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27811"}, {"tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2026:27812"}], "solutions": [{"lang": "en", "value": "RHSA-2026:25191: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"}, {"lang": "en", "value": "RHSA-2026:30848: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"}, {"lang": "en", "value": "RHSA-2026:27811: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"}, {"lang": "en", "value": "RHSA-2026:27812: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"}], "timeline": [{"lang": "en", "time": "2026-05-27T00:00:00.000Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-27T00:00:00.000Z", "value": "Made public."}], "title": "kernel: selinux: fix overlayfs mmap() and mprotect() access checks", "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:10:13.939Z"}}]}}

{}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Linux", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [{"lessThan": "cd0e707a927a70cdfd8bc5a512a9719a87f5ed51", "status": "affected", "version": "2f502839e85ab265f03f25f30d6463154aee5473", "versionType": "git"}, {"lessThan": "82544d36b1729153c8aeb179e84750f0c085d3b1", "status": "affected", "version": "2f502839e85ab265f03f25f30d6463154aee5473", "versionType": "git"}]}, {"defaultStatus": "affected", "product": "Linux", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [{"status": "affected", "version": "4.19"}, {"lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver"}, {"lessThanOrEqual": "7.0.*", "status": "unaffected", "version": "7.0.4", "versionType": "semver"}, {"lessThanOrEqual": "*", "status": "unaffected", "version": "7.1", "versionType": "original_commit_for_fix"}]}], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "433A4699-5AFA-4ECB-BFA3-C3742E1DB07F", "versionEndExcluding": "7.0.4", "versionStartIncluding": "4.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file). Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls."}], "id": "CVE-2026-46054", "lastModified": "2026-06-17T10:52:59.330", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-05-27T14:17:25.043", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: selinux: fix overlayfs mmap() and mprotect() access checks", "id": "2482025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482025"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-280", "details": ["A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for `mmap()` and `mprotect()` operations. This oversight could allow a local attacker to bypass intended security policies, potentially leading to unauthorized access to files within an overlayfs filesystem. The vulnerability is resolved by enhancing backing file enforcement for `mmap()` and leveraging new LSM (Linux Security Module) capabilities for `mprotect()` access controls."], "name": "CVE-2026-46054", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-46054\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46054\nhttps://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46054-b185@gregkh/T"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,cd0e707a927a70cdfd8bc5a512a9719a87f5ed51)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,82544d36b1729153c8aeb179e84750f0c085d3b1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,7.0.4)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.4,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1-rc1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T18:30:26.980531+00:00", "updated": "2026-06-17T23:45:13.996084+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}