{"api_version":"1","generated_at":"2026-05-30T12:19:04+00:00","cve":"CVE-2026-45858","urls":{"html":"https://cve.report/CVE-2026-45858","api":"https://cve.report/api/cve/CVE-2026-45858.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45858","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45858"},"summary":{"title":"ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1\n\nWhen allocating initialized blocks from a large unwritten extent, or\nwhen splitting an unwritten extent during end I/O and converting it to\ninitialized, there is currently a potential issue of stale data if the\nextent needs to be split in the middle.\n\n       0  A      B  N\n       [UUUUUUUUUUUU]    U: unwritten extent\n       [--DDDDDDDD--]    D: valid data\n          |<-  ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_ENTIRE_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and mark the entire extent from 0 to N\nas written.\n\n       0  A      B  N\n       [WWWWWWWWWWWW]    W: written extent\n       [SSDDDDDDDDZZ]    Z: zeroed, S: stale data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and left\na stale written extent from 0 to A.\n\n       0  A      B   N\n       [WW|WWWWWWWWWW]\n       [SS|DDDDDDDDZZ]\n\nFix this by pass EXT4_EXT_DATA_PARTIAL_VALID1 to ext4_split_extent_at()\nwhen splitting at B, don't convert the entire extent to written and left\nit as unwritten after zeroing out B to N. The remaining work is just\nlike the standard two-part split. ext4_split_extent() will pass the\nEXT4_EXT_DATA_VALID2 flag when it calls ext4_split_extent_at() for the\nsecond time, allowing it to properly handle the split. If the split is\nsuccessful, it will keep extent from 0 to A as unwritten.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:16:57","updated_at":"2026-05-27 14:48:31"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","name":"https://git.kernel.org/stable/c/d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/d17857b4fb9ba5745b59be0ef38fd532991fccbf","name":"https://git.kernel.org/stable/c/d17857b4fb9ba5745b59be0ef38fd532991fccbf","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7015fcf473796e1d2d876f241bd9e0c36f3d4eef","name":"https://git.kernel.org/stable/c/7015fcf473796e1d2d876f241bd9e0c36f3d4eef","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1bf6974822d1dba86cf11b5f05498581cf3488a2","name":"https://git.kernel.org/stable/c/1bf6974822d1dba86cf11b5f05498581cf3488a2","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/58ddae5d77b1db3a27b891c75a8fa120239ac092","name":"https://git.kernel.org/stable/c/58ddae5d77b1db3a27b891c75a8fa120239ac092","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45858","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45858","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 58ddae5d77b1db3a27b891c75a8fa120239ac092 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 d17857b4fb9ba5745b59be0ef38fd532991fccbf git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 7015fcf473796e1d2d876f241bd9e0c36f3d4eef git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1bf6974822d1dba86cf11b5f05498581cf3488a2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.6.130 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.12.75 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.18.14 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.19.4 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.130 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.75 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.14 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.4 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45858","cve":"CVE-2026-45858","epss":"0.000180000","percentile":"0.051640000","score_date":"2026-05-29","updated_at":"2026-05-30 00:13:24"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"58ddae5d77b1db3a27b891c75a8fa120239ac092","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"d17857b4fb9ba5745b59be0ef38fd532991fccbf","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"7015fcf473796e1d2d876f241bd9e0c36f3d4eef","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"1bf6974822d1dba86cf11b5f05498581cf3488a2","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"6.6.130","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.12.75","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.18.14","status":"affected","version":"0","versionType":"semver"},{"lessThan":"6.19.4","status":"affected","version":"0","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["fs/ext4/extents.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.130","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.75","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.14","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.130","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.75","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.14","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.4","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1\n\nWhen allocating initialized blocks from a large unwritten extent, or\nwhen splitting an unwritten extent during end I/O and converting it to\ninitialized, there is currently a potential issue of stale data if the\nextent needs to be split in the middle.\n\n       0  A      B  N\n       [UUUUUUUUUUUU]    U: unwritten extent\n       [--DDDDDDDD--]    D: valid data\n          |<-  ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_ENTIRE_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and mark the entire extent from 0 to N\nas written.\n\n       0  A      B  N\n       [WWWWWWWWWWWW]    W: written extent\n       [SSDDDDDDDDZZ]    Z: zeroed, S: stale data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and left\na stale written extent from 0 to A.\n\n       0  A      B   N\n       [WW|WWWWWWWWWW]\n       [SS|DDDDDDDDZZ]\n\nFix this by pass EXT4_EXT_DATA_PARTIAL_VALID1 to ext4_split_extent_at()\nwhen splitting at B, don't convert the entire extent to written and left\nit as unwritten after zeroing out B to N. The remaining work is just\nlike the standard two-part split. ext4_split_extent() will pass the\nEXT4_EXT_DATA_VALID2 flag when it calls ext4_split_extent_at() for the\nsecond time, allowing it to properly handle the split. If the split is\nsuccessful, it will keep extent from 0 to A as unwritten."}],"providerMetadata":{"dateUpdated":"2026-05-27T12:15:37.738Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/58ddae5d77b1db3a27b891c75a8fa120239ac092"},{"url":"https://git.kernel.org/stable/c/d17857b4fb9ba5745b59be0ef38fd532991fccbf"},{"url":"https://git.kernel.org/stable/c/d67c8ecf3d8fda9b8ef80e6f665d84b6d6ac9d88"},{"url":"https://git.kernel.org/stable/c/7015fcf473796e1d2d876f241bd9e0c36f3d4eef"},{"url":"https://git.kernel.org/stable/c/1bf6974822d1dba86cf11b5f05498581cf3488a2"}],"title":"ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-45858","datePublished":"2026-05-27T12:15:37.738Z","dateReserved":"2026-05-13T15:03:33.079Z","dateUpdated":"2026-05-27T12:15:37.738Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:16:57","lastModifiedDate":"2026-05-27 14:48:31","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45858","Ordinal":"1","Title":"ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALI","CVE":"CVE-2026-45858","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45858","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1\n\nWhen allocating initialized blocks from a large unwritten extent, or\nwhen splitting an unwritten extent during end I/O and converting it to\ninitialized, there is currently a potential issue of stale data if the\nextent needs to be split in the middle.\n\n       0  A      B  N\n       [UUUUUUUUUUUU]    U: unwritten extent\n       [--DDDDDDDD--]    D: valid data\n          |<-  ->| ----> this range needs to be initialized\n\next4_split_extent() first try to split this extent at B with\nEXT4_EXT_DATA_ENTIRE_VALID1 and EXT4_EXT_MAY_ZEROOUT flag set, but\next4_split_extent_at() failed to split this extent due to temporary lack\nof space. It zeroout B to N and mark the entire extent from 0 to N\nas written.\n\n       0  A      B  N\n       [WWWWWWWWWWWW]    W: written extent\n       [SSDDDDDDDDZZ]    Z: zeroed, S: stale data\n\next4_split_extent() then try to split this extent at A with\nEXT4_EXT_DATA_VALID2 flag set. This time, it split successfully and left\na stale written extent from 0 to A.\n\n       0  A      B   N\n       [WW|WWWWWWWWWW]\n       [SS|DDDDDDDDZZ]\n\nFix this by pass EXT4_EXT_DATA_PARTIAL_VALID1 to ext4_split_extent_at()\nwhen splitting at B, don't convert the entire extent to written and left\nit as unwritten after zeroing out B to N. The remaining work is just\nlike the standard two-part split. ext4_split_extent() will pass the\nEXT4_EXT_DATA_VALID2 flag when it calls ext4_split_extent_at() for the\nsecond time, allowing it to properly handle the split. If the split is\nsuccessful, it will keep extent from 0 to A as unwritten.","Type":"Description","Title":"ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALI"}]}}}