CVE-2026-23145

Summary

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref

The error branch for ext4_xattr_inode_update_ref forget to release the refcount for iloc.bh. Find this when review code.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1cfb3e4ddbdc8e02e637b8852540bd4718bf4814 < 7c9f059c3d531a12d7ad96cd34a44b8af7c00d5faffected
LinuxLinux505e69f76ac497e788f4ea0267826ec7266b40c8 < 6241cd1d0acc2363016ac55b8773ba1332dd59d7affected
LinuxLinux3d6269028246f4484bfed403c947a114bb583631 < 3b00c16e42428a1ecd3a5eb9cc37f8ad9bd47626affected
LinuxLinux79ea7f3e11effe1bd9e753172981d9029133a278 < 0b06cde92f2f960f4ebe3c988c69f2711f2a24dcaffected
LinuxLinux6b879c4c6bbaab03c0ad2a983953bd1410bb165e < 8e8542c539927ae3898a4d02941f84e252e2dea1affected
LinuxLinux57295e835408d8d425bef58da5253465db3d6888 < 06e26287f2e349a28ad363941ffd9076bfed8b2eaffected
LinuxLinux57295e835408d8d425bef58da5253465db3d6888 < d250bdf531d9cd4096fedbb9f172bb2ca660c868affected
LinuxLinuxea39e712c2f5ae148ee5515798ae03523673e002affected
LinuxLinux440b003f449a4ff2a00b08c8eab9ba5cd28f3943affected
LinuxLinux5.10.246 < 5.10.249affected
LinuxLinux5.15.195 < 5.15.199affected
LinuxLinux6.1.157 < 6.1.162affected
LinuxLinux6.6.113 < 6.6.122affected
LinuxLinux6.12.54 < 6.12.67affected
LinuxLinux5.4.301 < 5.5affected
LinuxLinux6.17.4 < 6.18affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.67 <= 6.12.*unaffected
LinuxLinux6.18.7 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References