{"cve":{"cve_id":"CVE-2026-52990","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nfsnotify: fix inode reference leak in fsnotify_recalc_mask()\n\nfsnotify_recalc_mask() fails to handle the return value of\n__fsnotify_recalc_mask(), which may return an inode pointer that needs\nto be released via fsnotify_drop_object() when the connector's HAS_IREF\nflag transitions from set to cleared.\n\nThis manifests as a hung task with the following call trace:\n\n INFO: task umount:1234 blocked for more than 120 seconds.\n Call Trace:\n __schedule\n schedule\n fsnotify_sb_delete\n generic_shutdown_super\n kill_anon_super\n cleanup_mnt\n task_work_run\n do_exit\n do_group_exit\n\nThe race window that triggers the iref leak:\n\n Thread A (adding mark) Thread B (removing mark)\n ────────────────────── ────────────────────────\n fsnotify_add_mark_locked():\n fsnotify_add_mark_list():\n spin_lock(conn->lock)\n add mark_B(evictable) to list\n spin_unlock(conn->lock)\n return\n\n /* ---- gap: no lock held ---- */\n\n fsnotify_detach_mark(mark_A):\n spin_lock(mark_A->lock)\n clear ATTACHED flag on mark_A\n spin_unlock(mark_A->lock)\n fsnotify_put_mark(mark_A)\n\n fsnotify_recalc_mask():\n spin_lock(conn->lock)\n __fsnotify_recalc_mask():\n /* mark_A skipped: ATTACHED cleared */\n /* only mark_B(evictable) remains */\n want_iref = false\n has_iref = true /* not yet cleared */\n -> HAS_IREF transitions true -> false\n -> returns inode pointer\n spin_unlock(conn->lock)\n /* BUG: return value discarded!\n * iput() and fsnotify_put_sb_watched_objects()\n * are never called */\n\nFix this by deferring the transition true -> false of HAS_IREF flag from\nfsnotify_recalc_mask() (Thread A) to fsnotify_put_mark() (thread B).","published_at":"2026-06-24T16:29:04.148000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/8c8afa6444e6bdc145d2bf2f3aeeca6da3e36b42","https://git.kernel.org/stable/c/b740cc86816bbc87902ae9db74cd21abde3c8d63","https://git.kernel.org/stable/c/5c80289503da3658e3df80280598c68d181eadbd","https://git.kernel.org/stable/c/4aca914ac152f5d055ddcb36704d1e539ac08977"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:22.518073Z","updated_at":"2026-06-28T23:30:49.890169Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"c3638b5b13740fa31762d414bbce8b7a694e582a","version_start_inclusive":true,"version_end":"8c8afa6444e6bdc145d2bf2f3aeeca6da3e36b42","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:c3638b5b13740fa31762d414bbce8b7a694e582a:8c8afa6444e6bdc145d2bf2f3aeeca6da3e36b42"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"c3638b5b13740fa31762d414bbce8b7a694e582a","version_start_inclusive":true,"version_end":"b740cc86816bbc87902ae9db74cd21abde3c8d63","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:c3638b5b13740fa31762d414bbce8b7a694e582a:b740cc86816bbc87902ae9db74cd21abde3c8d63"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"c3638b5b13740fa31762d414bbce8b7a694e582a","version_start_inclusive":true,"version_end":"5c80289503da3658e3df80280598c68d181eadbd","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:c3638b5b13740fa31762d414bbce8b7a694e582a:5c80289503da3658e3df80280598c68d181eadbd"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"c3638b5b13740fa31762d414bbce8b7a694e582a","version_start_inclusive":true,"version_end":"4aca914ac152f5d055ddcb36704d1e539ac08977","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:c3638b5b13740fa31762d414bbce8b7a694e582a:4aca914ac152f5d055ddcb36704d1e539ac08977"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"ff34ebaa6f6dc1eebce6a8d6f12a1566f33d00fe","version_start_inclusive":true,"version_end":"ff34ebaa6f6dc1eebce6a8d6f12a1566f33d00fe","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:ff34ebaa6f6dc1eebce6a8d6f12a1566f33d00fe:ff34ebaa6f6dc1eebce6a8d6f12a1566f33d00fe"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"4f145b67c075324b13d6ae7d5abb6e7a1dbac26d","version_start_inclusive":true,"version_end":"4f145b67c075324b13d6ae7d5abb6e7a1dbac26d","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:4f145b67c075324b13d6ae7d5abb6e7a1dbac26d:4f145b67c075324b13d6ae7d5abb6e7a1dbac26d"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.10.220","version_start_inclusive":true,"version_end":"5.11","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.10.220:5.11"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.154","version_start_inclusive":true,"version_end":"5.16","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:5.15.154:5.16"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.19","version_start_inclusive":true,"version_end":"5.19","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.19:5.19"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.19","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.19"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.91","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.91:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.33","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.33:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.10","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.10:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/8c8afa6444e6bdc145d2bf2f3aeeca6da3e36b42","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b740cc86816bbc87902ae9db74cd21abde3c8d63","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/5c80289503da3658e3df80280598c68d181eadbd","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/4aca914ac152f5d055ddcb36704d1e539ac08977","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T16:29:04.148000Z","label":"CVE published","source":null}]}