CVE-2026-45915
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to directory removal in FAT file systems. The flaw may lead to incorrect decrementing of the parent link count, resulting in filesystem errors.
Risk Assessment
Organizations may encounter data integrity issues in FAT file systems, potentially leading to loss of access to subdirectories and system crashes.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and to conduct an audit of FAT file systems to detect and repair any potential corruption.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink(). Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.

