{
  "threat_severity" : "Important",
  "public_date" : "2026-05-27T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: selinux: fix overlayfs mmap() and mprotect() access checks",
    "id" : "2482025",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2482025"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-280",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nselinux: fix overlayfs mmap() and mprotect() access checks\nThe existing SELinux security model for overlayfs is to allow access if\nthe current task is able to access the top level file (the \"user\" file)\nand the mounter's credentials are sufficient to access the lower\nlevel file (the \"backing\" file).  Unfortunately, the current code does\nnot properly enforce these access controls for both mmap() and mprotect()\noperations on overlayfs filesystems.\nThis patch makes use of the newly created security_mmap_backing_file()\nLSM hook to provide the missing backing file enforcement for mmap()\noperations, and leverages the backing file API and new LSM blob to\nprovide the necessary information to properly enforce the mprotect()\naccess controls.", "A flaw was found in the Linux kernel's SELinux security module when handling overlayfs. The existing security model for overlayfs does not properly enforce access controls for `mmap()` and `mprotect()` operations. This oversight could allow a local attacker to bypass intended security policies, potentially leading to unauthorized access to files within an overlayfs filesystem. The vulnerability is resolved by enhancing backing file enforcement for `mmap()` and leveraging new LSM (Linux Security Module) capabilities for `mprotect()` access controls." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25191",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "kernel-0:6.12.0-211.22.1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27812",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.137.1.rt7.478.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27811",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.137.1.el8_10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Under investigation",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46054\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46054\nhttps://lore.kernel.org/linux-cve-announce/2026052754-CVE-2026-46054-b185@gregkh/T" ],
  "name" : "CVE-2026-46054",
  "csaw" : false
}