CVE-2026-52906 is a vulnerability in Linux Kernel
Published on June 9, 2026
9p: fix access mode flags being ORed instead of replaced
In the Linux kernel, the following vulnerability has been resolved:
9p: fix access mode flags being ORed instead of replaced
Since commit 1f3e4142c0eb ("9p: convert to the new mount API"),
v9fs_apply_options() applies parsed mount flags with |= onto flags
already set by v9fs_session_init(). For 9P2000.L, session_init sets
V9FS_ACCESS_CLIENT as the default, so when the user mounts with
"access=user", both bits end up set. Access mode checks compare
against exact values, so having both bits set matches neither mode.
This causes v9fs_fid_lookup() to fall through to the default switch
case, using INVALID_UID (nobody/65534) instead of current_fsuid()
for all fid lookups. Root is then unable to chown or perform other
privileged operations.
Fix by clearing the access mask before applying the user's choice.
Products Associated with CVE-2026-52906
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 1f3e4142c0eb178089ea0cbc97506a061470ad27 and below b8f037e87a083291190204b959cda417aaf01058 is affected.
- Version 1f3e4142c0eb178089ea0cbc97506a061470ad27 and below da2346a48a5a1fed86c3fe3d73c0b60e7b3027c9 is affected.
- Version 6.19 is affected.
- Before 6.19 is unaffected.
- Version 7.0.4, <= 7.0.* is unaffected.
- Version 7.1-rc1, <= * is unaffected.