{"api_version":"1","generated_at":"2026-06-02T14:10:34+00:00","cve":"CVE-2026-46054","urls":{"html":"https://cve.report/CVE-2026-46054","api":"https://cve.report/api/cve/CVE-2026-46054.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46054","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46054"},"summary":{"title":"selinux: fix overlayfs mmap() and mprotect() access checks","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file).  Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:17:25","updated_at":"2026-05-30 11:17:19"},"problem_types":[],"metrics":[{"version":"3.1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","data":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51","name":"https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1","name":"https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46054","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46054","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2f502839e85ab265f03f25f30d6463154aee5473 cd0e707a927a70cdfd8bc5a512a9719a87f5ed51 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2f502839e85ab265f03f25f30d6463154aee5473 82544d36b1729153c8aeb179e84750f0c085d3b1 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.19","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.19 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.4 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1-rc1 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"46054","cve":"CVE-2026-46054","epss":"0.000120000","percentile":"0.019600000","score_date":"2026-06-01","updated_at":"2026-06-02 00:05:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["security/selinux/hooks.c","security/selinux/include/objsec.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"cd0e707a927a70cdfd8bc5a512a9719a87f5ed51","status":"affected","version":"2f502839e85ab265f03f25f30d6463154aee5473","versionType":"git"},{"lessThan":"82544d36b1729153c8aeb179e84750f0c085d3b1","status":"affected","version":"2f502839e85ab265f03f25f30d6463154aee5473","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["security/selinux/hooks.c","security/selinux/include/objsec.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.19"},{"lessThan":"4.19","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1-rc1","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.4","versionStartIncluding":"4.19","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1-rc1","versionStartIncluding":"4.19","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file).  Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls."}],"metrics":[{"cvssV3_1":{"baseScore":7.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}}],"providerMetadata":{"dateUpdated":"2026-05-30T10:47:02.590Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51"},{"url":"https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1"}],"title":"selinux: fix overlayfs mmap() and mprotect() access checks","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-46054","datePublished":"2026-05-27T12:57:12.813Z","dateReserved":"2026-05-13T15:03:33.094Z","dateUpdated":"2026-05-30T10:47:02.590Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:25","lastModifiedDate":"2026-05-30 11:17:19","problem_types":[],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46054","Ordinal":"1","Title":"selinux: fix overlayfs mmap() and mprotect() access checks","CVE":"CVE-2026-46054","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46054","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file).  Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls.","Type":"Description","Title":"selinux: fix overlayfs mmap() and mprotect() access checks"}]}}}