CVE-2026-31434

MEDIUM EPSS 2.4%
Published Apr 22, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 22, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_group[], kobject_init_and_add() is called for each element via btrfs_sysfs_add_space_info_type(). However, when check_removing_space_info() frees these elements, it does not call btrfs_sysfs_remove_space_info() on them. As a result, kobject_put() is not called and the associated kobj->name objects are leaked. This memory leak is reproduced by running the blktests test case zbd/009 on kernels built with CONFIG_DEBUG_KMEMLEAK. The kmemleak feature reports the following error: unreferenced object 0xffff888112877d40 (size 16): comm "mount", pid 1244, jiffies 4294996972 hex dump (first 16 bytes): 64 61 74 61 2d 72 65 6c 6f 63 00 c4 c6 a7 cb 7f data-reloc...... backtrace (crc 53ffde4d): __kmalloc_node_track_caller_noprof+0x619/0x870 kstrdup+0x42/0xc0 kobject_set_name_vargs+0x44/0x110 kobject_init_and_add+0xcf/0x150 btrfs_sysfs_add_space_info_type+0xfc/0x210 [btrfs] create_space_info_sub_group.constprop.0+0xfb/0x1b0 [btrfs] create_space_info+0x211/0x320 [btrfs] btrfs_init_space_info+0x15a/0x1b0 [btrfs] open_ctree+0x33c7/0x4a50 [btrfs] btrfs_get_tree.cold+0x9f/0x1ee [btrfs] vfs_get_tree+0x87/0x2f0 vfs_cmd_create+0xbd/0x280 __do_sys_fsconfig+0x3df/0x990 do_syscall_64+0x136/0x1540 entry_SYSCALL_64_after_hwframe+0x76/0x7e To avoid the leak, call btrfs_sysfs_remove_space_info() instead of kfree() for the elements.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥6.1.162  –  <6.1.168
linuxlinux_kernel*≥6.6.122  –  <6.6.131
linuxlinux_kernel*≥6.12.67  –  <6.12.80
linuxlinux_kernel*≥6.16  –  <6.18.21
linuxlinux_kernel*≥6.19  –  <6.19.11
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1737ddeafbb1304f41ec2eede4f7366082e7c96a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c645c6f7e5470debbb81666b230056de48f36dc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c844d01f9874a43004c82970d8da94f9aba8949
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/416484f21a9d1280cf6daa7ebc10c79b59c46e48
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94054ffd311a1f76b7093ba8ebf50bdb0d28337c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a4376d9a5d4c9610e69def3fc0b32c86a7ab7a41
    Patch