CVE Catalog

CVE-2026-46040

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a watch count leak in inotify when the fsnotify_add_inode_mark_locked() function fails. In this case, the dec_inotify_watches() function is not called, leading to a watch count leak and potentially reaching the max_user_watches limit.

Risk Assessment

Organizations may encounter issues with managing watches, which can lead to -ENOSPC errors even when no watches are active. This could affect system stability and service availability.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and prevent watch count leaks.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails When fsnotify_add_inode_mark_locked() fails in inotify_new_watch(), the error path calls inotify_remove_from_idr() but does not call dec_inotify_watches() to undo the preceding inc_inotify_watches(). This leaks a watch count, and repeated failures can exhaust the max_user_watches limit with -ENOSPC even when no watches are active. Prior to commit 1cce1eea0aff ("inotify: Convert to using per-namespace limits"), the watch count was incremented after fsnotify_add_mark_locked() succeeded, so this path was not affected. The conversion moved inc_inotify_watches() before the mark insertion without adding the corresponding rollback. Add the missing dec_inotify_watches() call in the error path.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS