NVD Vulnerability Detail

CVE-2026-46040

Summary	In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails When fsnotify_add_inode_mark_locked() fails in inotify_new_watch(), the error path calls inotify_remove_from_idr() but does not call dec_inotify_watches() to undo the preceding inc_inotify_watches(). This leaks a watch count, and repeated failures can exhaust the max_user_watches limit with -ENOSPC even when no watches are active. Prior to commit 1cce1eea0aff ("inotify: Convert to using per-namespace limits"), the watch count was incremented after fsnotify_add_mark_locked() succeeded, so this path was not affected. The conversion moved inc_inotify_watches() before the mark insertion without adding the corresponding rollback. Add the missing dec_inotify_watches() call in the error path.
Publication Date	May 27, 2026, 11:17 p.m.
Registration Date	May 28, 2026, 4:13 a.m.
Last Update	June 2, 2026, 2:17 a.m.

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/10edf7e0ffdc7faa18e2244b17722c1b882b8273	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/3ab58cf42c46bf2366d2f55ae5c59299d5e178b7	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/3ad9ccea1b25435f6179b57aa891960beb7ce8f9	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/6a320935fa4293e9e599ec9f85dc9eb3be7029f8	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/73ddc8518a32baff6bc17afda4ee1ebae5b4ed12	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/8bcc1cd237ab5ccfdd102869fa031c541943cf40	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/9e48844f708eb48bae4e79cb21edc097c966306d	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/fdaa42ca370d056428e5e171247c8fdce8dff36a	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List

JVN Vulnerability Information

LinuxのLinux Kernelにおける不特定の脆弱性

Title	LinuxのLinux Kernelにおける不特定の脆弱性
Summary	Linuxカーネルにおけるinotifyの脆弱性は、fsnotify_add_inode_mark_locked()が失敗した際にウォッチカウントがリークしていました。この問題は、inotify_new_watch()でfsnotify_add_inode_mark_locked()が失敗した際に、inc_inotify_watches()のインクリメントを元に戻すdec_inotify_watches()が呼び出されなかったために発生しました。この結果、リソース制限(max_user_watches)が不正に消費され、-ENOSPCエラーを引き起こす可能性があります。本脆弱性は、エラーハンドリングにdec_inotify_watches()の呼び出しを追加することで修正されました。
Possible impacts	・当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。・当該ソフトウェアが扱う情報について、書き換えは発生しません。・当該ソフトウェアが完全に停止する可能性があります。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	May 27, 2026, midnight
Registration Date	June 17, 2026, 3:40 p.m.
Last Update	June 17, 2026, 3:40 p.m.

Affected System

Linux

Linux Kernel 4.11 以上 5.10.258 未満

Linux Kernel 5.11 以上 5.15.209 未満

Linux Kernel 5.16 以上 6.1.175 未満

Linux Kernel 6.13 以上 6.18.27 未満

Linux Kernel 6.19 以上 7.0.4 未満

Linux Kernel 6.2 以上 6.6.140 未満

Linux Kernel 6.7 以上 6.12.86 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-46040	https://www.cve.org/CVERecord?id=CVE-2026-46040
National Vulnerability Database (NVD)
2	CVE-2026-46040	https://nvd.nist.gov/vuln/detail/CVE-2026-46040

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/10edf7e0ffdc7faa18e2244b17722c1b882b8273)	https://git.kernel.org/stable/c/10edf7e0ffdc7faa18e2244b17722c1b882b8273
2	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/3ab58cf42c46bf2366d2f55ae5c59299d5e178b7)	https://git.kernel.org/stable/c/3ab58cf42c46bf2366d2f55ae5c59299d5e178b7
3	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/3ad9ccea1b25435f6179b57aa891960beb7ce8f9)	https://git.kernel.org/stable/c/3ad9ccea1b25435f6179b57aa891960beb7ce8f9
4	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/6a320935fa4293e9e599ec9f85dc9eb3be7029f8)	https://git.kernel.org/stable/c/6a320935fa4293e9e599ec9f85dc9eb3be7029f8
5	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/73ddc8518a32baff6bc17afda4ee1ebae5b4ed12)	https://git.kernel.org/stable/c/73ddc8518a32baff6bc17afda4ee1ebae5b4ed12
6	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/8bcc1cd237ab5ccfdd102869fa031c541943cf40)	https://git.kernel.org/stable/c/8bcc1cd237ab5ccfdd102869fa031c541943cf40
7	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/9e48844f708eb48bae4e79cb21edc097c966306d)	https://git.kernel.org/stable/c/9e48844f708eb48bae4e79cb21edc097c966306d
8	inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/fdaa42ca370d056428e5e171247c8fdce8dff36a)	https://git.kernel.org/stable/c/fdaa42ca370d056428e5e171247c8fdce8dff36a

Change Log

No	Changed Details	Date of change
1	[2026年06月17日] 掲載	June 17, 2026, 3:40 p.m.