CVE-2026-46107 | dm-thin: fix metadata refcount underflow

In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node has one entry, the code tries to copy all btree entries from the node's child to the node itself and then decrement the child's reference count. If the child node is shared (it has reference count > 1), we won't free it, so there would be two pointers to each of the grandchildren nodes. But the reference counts of the grandchildren is not increased, thus the reference count doesn't match the number of pointers that point to the grandchildren. This results in "device mapper: space map common: unable to decrement block" errors. Fix this bug by incrementing reference counts on the grandchildren if the btree node is shared.

Published: 2026-05-28 Last update: 2026-06-19 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Awaiting Analysis，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2026-46107 is rated Low Risk (32.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.13%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-46107

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.13%	+0.11%
2	2026-05-28	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-46107

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.8	3.1	HIGH	`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.8	5.9	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Weakness enumeration for CVE-2026-46107

GitHub Security Advisory for CVE-2026-46107

GHSA-c6hr-v224-3w2w · Severity: high — In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata...

OS Trackers for CVE-2026-46107

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-46107 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2026-46107
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2026-46107
`suse`	medium	CVE-2026-46107 severity moderate: SUSE including 4 source package names (kernel-devel-7.0.11-1.1, kernel-macros-7.0.11-1.1, kernel-source-7.0.11-1.1, kernel-source-vanilla-7.0.11-1.1), 4 product×package rows across 1 product lines (openSUSE Tumbleweed): Fixed 4.	https://www.suse.com/security/cve/CVE-2026-46107/
`ubuntu`	medium	CVE-2026-46107 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 173, needed 141, released 84.	https://ubuntu.com/security/CVE-2026-46107

Affected software / configurations for CVE-2026-46107

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2026-46107

URL	Tags
https://git.kernel.org/stable/c/09a65adc7d8bbfce06392cb6d375468e2728ead5
https://git.kernel.org/stable/c/12161e03d33afce781f68fa11cc6060538862fad
https://git.kernel.org/stable/c/323d252a4a378834e4fe68298ca61cfc5dd3a460
https://git.kernel.org/stable/c/5ec0debbcfd43596e32c1239e993de06a704e04c
https://git.kernel.org/stable/c/85311a585a26640760cd0f3349ab9f2905691044
https://git.kernel.org/stable/c/b719d12cb94df345e9ad2715fd0abe9afcaeb111
https://git.kernel.org/stable/c/f06f6aededd792a754cd677c02b3d3016d868c2c
https://git.kernel.org/stable/c/f49b41c9eb7c6ff00df27cd49cea210abbadd8ad

cvelogic Threat Intelligence