CVE-2026-23032

EPSS 0.02%
Veröffentlicht 31.01.2026 11:42:11
Zuletzt bearbeitet 03.02.2026 16:44:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

null_blk: fix kmemleak by releasing references to fault configfs items

When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk
driver sets up fault injection support by creating the timeout_inject,
requeue_inject, and init_hctx_fault_inject configfs items as children
of the top-level nullbX configfs group.

However, when the nullbX device is removed, the references taken to
these fault-config configfs items are not released. As a result,
kmemleak reports a memory leak, for example:

unreferenced object 0xc00000021ff25c40 (size 32):
  comm "mkdir", pid 10665, jiffies 4322121578
  hex dump (first 32 bytes):
    69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f  init_hctx_fault_
    69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00  inject..........
  backtrace (crc 1a018c86):
    __kmalloc_node_track_caller_noprof+0x494/0xbd8
    kvasprintf+0x74/0xf4
    config_item_set_name+0xf0/0x104
    config_group_init_type_name+0x48/0xfc
    fault_config_init+0x48/0xf0
    0xc0080000180559e4
    configfs_mkdir+0x304/0x814
    vfs_mkdir+0x49c/0x604
    do_mkdirat+0x314/0x3d0
    sys_mkdir+0xa0/0xd8
    system_call_exception+0x1b0/0x4f0
    system_call_vectored_common+0x15c/0x2ec

Fix this by explicitly releasing the references to the fault-config
configfs items when dropping the reference to the top-level nullbX
configfs group.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2

Version bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea

Status affected

Version < d59ba448ccd595d5d65e197216cf781a87db2b28

Version bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea

Status affected

Version < f1718da051282698aa8fa150bebb9724f6389fda

Version bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea

Status affected

Version < 40b94ec7edbbb867c4e26a1a43d2b898f04b93c5

Version bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.4

Status affected

Version < 6.4

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.122

Status unaffected

Version <= 6.12.*

Version 6.12.67

Status unaffected

Version <= 6.18.*

Version 6.18.7

Status unaffected

Version <= *

Version 6.19-rc6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2

https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28

https://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda

https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5

https://nvd.nist.gov/vuln/detail/CVE-2026-23032

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23032

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23032

EUVD