CVE-2026-45961
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: fix memory leaks in gfs2_fill_super error path
Fix two memory leaks in the gfs2_fill_super() error handling path when transitioning a filesystem to read-write mode fails.
First leak: kthread objects (thread_struct, task_struct, etc.) When gfs2_freeze_lock_shared() fails after init_threads() succeeds, the created kernel threads (logd and quotad) are never destroyed. This occurs because the fail_per_node label doesn't call gfs2_destroy_threads().
Second leak: quota bitmap buffer (8192 bytes) When gfs2_make_fs_rw() fails after gfs2_quota_init() succeeds but before other operations complete, the allocated quota bitmap is never freed.
The fix moves thread cleanup to the fail_per_node label to handle all error paths uniformly. gfs2_destroy_threads() is safe to call unconditionally as it checks for NULL pointers. Quota cleanup is added in gfs2_make_fs_rw() to properly handle the withdrawal case where quota initialization succeeds but the filesystem is then withdrawn.
Thread leak backtrace (gfs2_freeze_lock_shared failure): unreferenced object 0xffff88801d7bca80 (size 4480): copy_process+0x3a1/0x4670 kernel/fork.c:2422 kernel_clone+0xf3/0x6e0 kernel/fork.c:2779 kthread_create_on_node+0x100/0x150 kernel/kthread.c:478 init_threads+0xab/0x350 fs/gfs2/ops_fstype.c:611 gfs2_fill_super+0xe5c/0x1240 fs/gfs2/ops_fstype.c:1265
Quota leak backtrace (gfs2_make_fs_rw failure): unreferenced object 0xffff88812de7c000 (size 8192): gfs2_quota_init+0xe5/0x820 fs/gfs2/quota.c:1409 gfs2_make_fs_rw+0x7a/0xe0 fs/gfs2/super.c:149 gfs2_fill_super+0xfbb/0x1240 fs/gfs2/ops_fstype.c:1275
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b66f723bb552ad59c2acb5d45ea45c890f84498b < e54229ecf49add8451d5f765a32c86ab4446e06c | affected |
| Linux | Linux | b66f723bb552ad59c2acb5d45ea45c890f84498b < da6f5bbc2e7902f578b503f2a4c3d8d09ca4b102 | affected |
| Linux | Linux | 2f8623377f3e0cfaa80558631b8694d02a492b4c | affected |
| Linux | Linux | c713ebf2fe3f469e4af4de60a3427689ffb7c5d7 | affected |
| Linux | Linux | c2191e507147b1a22e9170ebb2aaa0f2902fcbfa | affected |
| Linux | Linux | 9fc32dad3cdba18669c71893f3e6d96905b39b3f | affected |
| Linux | Linux | 5.10.173 < 5.11 | affected |
| Linux | Linux | 5.15.99 < 5.16 | affected |
| Linux | Linux | 6.1.16 < 6.2 | affected |
| Linux | Linux | 6.2.3 < 6.3 | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.19.4 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/e54229ecf49add8451d5f765a32c86ab4446e06c
- https://git.kernel.org/stable/c/da6f5bbc2e7902f578b503f2a4c3d8d09ca4b102
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.