CVE-2026-31400

MEDIUM EPSS 1.9%
Published Apr 3, 20263mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 3, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_request (rp->offset != 0), cache_release() decrements the request's readers count but never checks whether it should free the request. In cache_read(), when readers drops to 0 and CACHE_PENDING is clear, the cache_request is removed from the queue and freed along with its buffer and cache_head reference. cache_release() lacks this cleanup. The only other path that frees requests with readers == 0 is cache_dequeue(), but it runs only when CACHE_PENDING transitions from set to clear. If that transition already happened while readers was still non-zero, cache_dequeue() will have skipped the request, and no subsequent call will clean it up. Add the same cleanup logic from cache_read() to cache_release(): after decrementing readers, check if it reached 0 with CACHE_PENDING clear, and if so, dequeue and free the cache_request.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 16

VendorProductVersionRange
linuxlinux_kernel*≥2.6.12.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.20
linuxlinux_kernel*≥6.19  –  <6.19.10
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/17ad31b3a43b72aec3a3d83605891e1397d0d065
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1dfedb293943e491379c9302b428e6f920a73d12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/301670dcd098c1fe5c2fe90fb3c7a8f4814d2351
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/373457de14281c1fc7cace6fc4c8a267fc176673
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f6ba6c98a618043d2cd71030bf9a752dfab8b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bcd5e318876ac638c8ceade7a648e76ac8c48e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be5c35960e5ead70862736161836e2d1bc7352dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f18c1f2a88ca91357916997cdb0f7adaf14fc497
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/17ad31b3a43b72aec3a3d83605891e1397d0d065
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1dfedb293943e491379c9302b428e6f920a73d12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/301670dcd098c1fe5c2fe90fb3c7a8f4814d2351
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/373457de14281c1fc7cace6fc4c8a267fc176673
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/41f6ba6c98a618043d2cd71030bf9a752dfab8b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7bcd5e318876ac638c8ceade7a648e76ac8c48e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/be5c35960e5ead70862736161836e2d1bc7352dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f18c1f2a88ca91357916997cdb0f7adaf14fc497
    Patch