{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "abc77577a669f424c5d0c185b9994f2621c52aa4"
            },
            {
              "fixed": "a24765332e129c1916d5a6615418b75599b8fcdc"
            },
            {
              "fixed": "4a7611ad653785fcdea5ff5f4441e2b7d05b7f11"
            },
            {
              "fixed": "04bb66be92f48ed13c3faf1139d892df228789bc"
            },
            {
              "fixed": "895ebbedf88318607c24acc0f591c74b165e1d0a"
            },
            {
              "fixed": "f130790f1acc8399f32652846c875a251efd040f"
            },
            {
              "fixed": "7baa02b0ae9d17ec5f08836d8ea88ce1927d0678"
            },
            {
              "fixed": "b7b24b28c8cd55844cab908f4f39dded638d5538"
            },
            {
              "fixed": "7746e3bd4cc19b5092e00d32d676e329bfcb6900"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.12.0"
            },
            {
              "fixed": "5.10.258"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.209"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.175"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.140"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.88"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.30"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46150.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfanotify: fix false positive on permission events\n\nfsnotify_get_mark_safe() may return false for a mark on an unrelated group,\nwhich results in bypassing the permission check.\n\nFix by skipping over detached marks that are not in the current group.",
  "id": "CVE-2026-46150",
  "modified": "2026-07-08T05:38:07.367439280Z",
  "published": "2026-05-28T09:36:06.494Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/04bb66be92f48ed13c3faf1139d892df228789bc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4a7611ad653785fcdea5ff5f4441e2b7d05b7f11"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7746e3bd4cc19b5092e00d32d676e329bfcb6900"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7baa02b0ae9d17ec5f08836d8ea88ce1927d0678"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/895ebbedf88318607c24acc0f591c74b165e1d0a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a24765332e129c1916d5a6615418b75599b8fcdc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7b24b28c8cd55844cab908f4f39dded638d5538"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f130790f1acc8399f32652846c875a251efd040f"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46150.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46150"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fanotify: fix false positive on permission events"
}