{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23032", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.942Z", "datePublished": "2026-01-31T11:42:11.640Z", "dateUpdated": "2026-05-11T21:58:41.157Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:41.157Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix kmemleak by releasing references to fault configfs items\n\nWhen CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk\ndriver sets up fault injection support by creating the timeout_inject,\nrequeue_inject, and init_hctx_fault_inject configfs items as children\nof the top-level nullbX configfs group.\n\nHowever, when the nullbX device is removed, the references taken to\nthese fault-config configfs items are not released. As a result,\nkmemleak reports a memory leak, for example:\n\nunreferenced object 0xc00000021ff25c40 (size 32):\n comm \"mkdir\", pid 10665, jiffies 4322121578\n hex dump (first 32 bytes):\n 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_\n 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........\n backtrace (crc 1a018c86):\n __kmalloc_node_track_caller_noprof+0x494/0xbd8\n kvasprintf+0x74/0xf4\n config_item_set_name+0xf0/0x104\n config_group_init_type_name+0x48/0xfc\n fault_config_init+0x48/0xf0\n 0xc0080000180559e4\n configfs_mkdir+0x304/0x814\n vfs_mkdir+0x49c/0x604\n do_mkdirat+0x314/0x3d0\n sys_mkdir+0xa0/0xd8\n system_call_exception+0x1b0/0x4f0\n system_call_vectored_common+0x15c/0x2ec\n\nFix this by explicitly releasing the references to the fault-config\nconfigfs items when dropping the reference to the top-level nullbX\nconfigfs group."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/null_blk/main.c"], "versions": [{"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea", "lessThan": "1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2", "status": "affected", "versionType": "git"}, {"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea", "lessThan": "d59ba448ccd595d5d65e197216cf781a87db2b28", "status": "affected", "versionType": "git"}, {"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea", "lessThan": "f1718da051282698aa8fa150bebb9724f6389fda", "status": "affected", "versionType": "git"}, {"version": "bb4c19e030f45c5416f1eb4daa94fbaf7165e9ea", "lessThan": "40b94ec7edbbb867c4e26a1a43d2b898f04b93c5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/null_blk/main.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.67", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.7", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.67"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2"}, {"url": "https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28"}, {"url": "https://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda"}, {"url": "https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5"}], "title": "null_blk: fix kmemleak by releasing references to fault configfs items", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix kmemleak by releasing references to fault configfs items\n\nWhen CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk\ndriver sets up fault injection support by creating the timeout_inject,\nrequeue_inject, and init_hctx_fault_inject configfs items as children\nof the top-level nullbX configfs group.\n\nHowever, when the nullbX device is removed, the references taken to\nthese fault-config configfs items are not released. As a result,\nkmemleak reports a memory leak, for example:\n\nunreferenced object 0xc00000021ff25c40 (size 32):\n comm \"mkdir\", pid 10665, jiffies 4322121578\n hex dump (first 32 bytes):\n 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_\n 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........\n backtrace (crc 1a018c86):\n __kmalloc_node_track_caller_noprof+0x494/0xbd8\n kvasprintf+0x74/0xf4\n config_item_set_name+0xf0/0x104\n config_group_init_type_name+0x48/0xfc\n fault_config_init+0x48/0xf0\n 0xc0080000180559e4\n configfs_mkdir+0x304/0x814\n vfs_mkdir+0x49c/0x604\n do_mkdirat+0x314/0x3d0\n sys_mkdir+0xa0/0xd8\n system_call_exception+0x1b0/0x4f0\n system_call_vectored_common+0x15c/0x2ec\n\nFix this by explicitly releasing the references to the fault-config\nconfigfs items when dropping the reference to the top-level nullbX\nconfigfs group."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnull_blk: corrige kmemleak al liberar referencias a elementos configfs de fallo\n\nCuando CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION est\u00e1 habilitado, el controlador null-blk configura el soporte de inyecci\u00f3n de fallos al crear los elementos configfs timeout_inject, requeue_inject e init_hctx_fault_inject como hijos del grupo configfs nullbX de nivel superior.\n\nSin embargo, cuando se elimina el dispositivo nullbX, las referencias tomadas a estos elementos configfs de configuraci\u00f3n de fallos no se liberan. Como resultado, kmemleak informa de una fuga de memoria, por ejemplo:\n\nobjeto sin referencia 0xc00000021ff25c40 (tama\u00f1o 32):\n comm 'mkdir', pid 10665, jiffies 4322121578\n volcado hexadecimal (primeros 32 bytes):\n 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_\n 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject..........\n rastreo (crc 1a018c86):\n __kmalloc_node_track_caller_noprof+0x494/0xbd8\n kvasprintf+0x74/0xf4\n config_item_set_name+0xf0/0x104\n config_group_init_type_name+0x48/0xfc\n fault_config_init+0x48/0xf0\n 0xc0080000180559e4\n configfs_mkdir+0x304/0x814\n vfs_mkdir+0x49c/0x604\n do_mkdirat+0x314/0x3d0\n sys_mkdir+0xa0/0xd8\n system_call_exception+0x1b0/0x4f0\n system_call_vectored_common+0x15c/0x2ec\n\nSolucione esto liberando expl\u00edcitamente las referencias a los elementos configfs de configuraci\u00f3n de fallos al eliminar la referencia al grupo configfs nullbX de nivel superior."}], "id": "CVE-2026-23032", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-01-31T12:16:06.513", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d59ba448ccd595d5d65e197216cf781a87db2b28"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f1718da051282698aa8fa150bebb9724f6389fda"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: null_blk: fix kmemleak by releasing references to fault configfs items", "id": "2435653", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435653"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23032", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23032\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23032\nhttps://lore.kernel.org/linux-cve-announce/2026013121-CVE-2026-23032-643a@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-18T18:37:36.518794+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a version that includes the null_blk patch releasing fault\u2011config references upon device removal.", "If an immediate kernel upgrade is not feasible, disable the CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION option in the kernel configuration to remove the fault\u2011injection path.", "Continuously monitor kmemleak output for unreferenced objects after null_blk device removal to ensure the leak has been fully mitigated."], "summary": {"action": "Patch Immediately", "impact": "Memory Leak and Potential Resource Exhaustion"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that include the null_blk driver with CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION enabled are affected. The issue is present in kernel releases where the null_blk fault\u2011injection code was patched to release references upon device removal, as referenced by the linked commit identifiers.", "description_and_impact": "The vulnerability causes unreferenced configfs items to persist after a null_blk device is removed, leading kmemleak to report a memory leak. The leak can consume kernel memory over time but does not provide direct code execution or privilege escalation. The weakness follows a classic resource\u2011leak pattern.", "risk_and_exploitability": "The CVSS score of 5.5 denotes moderate severity, while the EPSS score is less than 1\u202f% indicating a very low likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, it is inferred that the attack would be local and would require root or kernel\u2011module privileges to activate fault injection and trigger the memory leak. Because the impact is limited to memory consumption and not immediate privilege escalation, overall risk remains moderate."}}}}, "created": "2026-04-18T18:45:05.755195+00:00", "updated": "2026-04-18T18:45:05.755206+00:00", "vendors": [], "weaknesses": ["CWE-400"]}