fat: avoid parent link count underflow in rmdir

Summary

CVE	CVE-2026-45915
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-27 14:17:06 UTC
Updated	2026-05-27 14:48:03 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink(). Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.073320000 (date 2026-06-01)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 7fe0de287e931e07cb96ecf1f449b2ebdb0e1115 git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 9894c79fd9466612d0514be157b5c30cd93aa645 git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 cd569b87378b9c33ae13c23d6bb9d205d66f7c4b git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 d3b7ffa90f613938128432c7b2f35b7aa4bdd86b git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 955c5d670b5ae07c78f4345e23a895638db96ce1 git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 17866f8a0822d414cb02e621cf003a7d04396ef8 git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0 git	Not specified
CNA	Linux	Linux	affected 9a53c3a783c2fa9b969628e65695c11c3e51e673 8cafcb881364af5ef3a8b9fed4db254054033d8a git	Not specified
CNA	Linux	Linux	affected 2.6.19	Not specified
CNA	Linux	Linux	unaffected 2.6.19 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.252 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.202 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.165 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.128 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.75 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.14 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.4 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/17866f8a0822d414cb02e621cf003a7d04396ef8	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/9894c79fd9466612d0514be157b5c30cd93aa645	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d3b7ffa90f613938128432c7b2f35b7aa4bdd86b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/cd569b87378b9c33ae13c23d6bb9d205d66f7c4b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/8cafcb881364af5ef3a8b9fed4db254054033d8a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/955c5d670b5ae07c78f4345e23a895638db96ce1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/7fe0de287e931e07cb96ecf1f449b2ebdb0e1115	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.