{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46054", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.094Z", "datePublished": "2026-05-27T12:57:12.813Z", "dateUpdated": "2026-05-27T12:57:12.813Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:57:12.813Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file). Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "cd0e707a927a70cdfd8bc5a512a9719a87f5ed51", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "82544d36b1729153c8aeb179e84750f0c085d3b1", "status": "affected", "versionType": "git"}, {"version": "0", "lessThan": "7.0.4", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/selinux/hooks.c", "security/selinux/include/objsec.h"], "versions": [{"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51"}, {"url": "https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1"}], "title": "selinux: fix overlayfs mmap() and mprotect() access checks", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix overlayfs mmap() and mprotect() access checks\n\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file). Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\n\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls."}], "id": "CVE-2026-46054", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:25.043", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/82544d36b1729153c8aeb179e84750f0c085d3b1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cd0e707a927a70cdfd8bc5a512a9719a87f5ed51"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2026-05-27T18:30:26.980531+00:00", "title": "SELinux Bypass in OverlayFS mmap() and mprotect() Operations", "updated": "2026-05-27T18:30:26.980552+00:00", "vendors": [], "weaknesses": ["CWE-284"]}