CVE-2026-23032
Description
In the Linux kernel, the following vulnerability has been resolved:
null_blk: fix kmemleak by releasing references to fault configfs items
When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group.
However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example:
    unreferenced object 0xc00000021ff25c40 (size 32):
      comm "mkdir", pid 10665, jiffies 4322121578
      hex dump (first 32 bytes):
        69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f  init_hctx_fault_
        69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00  inject..........
      backtrace (crc 1a018c86):
        __kmalloc_node_track_caller_noprof+0x494/0xbd8
        kvasprintf+0x74/0xf4
        config_item_set_name+0xf0/0x104
        config_group_init_type_name+0x48/0xfc
        fault_config_init+0x48/0xf0
        0xc0080000180559e4
        configfs_mkdir+0x304/0x814
        vfs_mkdir+0x49c/0x604
        do_mkdirat+0x314/0x3d0
        sys_mkdir+0xa0/0xd8
        system_call_exception+0x1b0/0x4f0
        system_call_vectored_common+0x15c/0x2ec
Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.
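An added example, not part of the advisory or the kernel patch: a Python triage helper that parses kmemleak output and flags records whose backtrace matches the report quoted above. The sample is the page's own record (backtrace trimmed after vfs_mkdir); the function names and the three-frame signature are assumptions made for illustration.

```python
import re

# The record quoted in the description, laid out the way
# /sys/kernel/debug/kmemleak prints it (backtrace trimmed after vfs_mkdir).
SAMPLE = """\
unreferenced object 0xc00000021ff25c40 (size 32):
  comm "mkdir", pid 10665, jiffies 4322121578
  hex dump (first 32 bytes):
    69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f  init_hctx_fault_
    69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00  inject..........
  backtrace (crc 1a018c86):
    __kmalloc_node_track_caller_noprof+0x494/0xbd8
    kvasprintf+0x74/0xf4
    config_item_set_name+0xf0/0x104
    config_group_init_type_name+0x48/0xfc
    fault_config_init+0x48/0xf0
    0xc0080000180559e4
    configfs_mkdir+0x304/0x814
    vfs_mkdir+0x49c/0x604
"""

HEAD = re.compile(r"unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
HEXROW = re.compile(r"^\s+((?:[0-9a-f]{2} ){1,16})", re.M)
FRAME = re.compile(r"^\s+([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+", re.M)
# Assumed signature: frames from the page's report that tie a record to this leak.
SIGNATURE = ("config_item_set_name", "fault_config_init", "configfs_mkdir")

def parse(report):
    """Split kmemleak output into one dict per unreferenced object."""
    parts = HEAD.split(report)[1:]  # addr, size, body, addr, size, body, ...
    records = []
    for addr, size, body in zip(parts[0::3], parts[1::3], parts[2::3]):
        dump, _, trace = body.partition("backtrace")
        raw = bytes.fromhex("".join(HEXROW.findall(dump)))
        records.append({
            "addr": addr, "size": int(size),
            "comm": re.search(r'comm "([^"]*)"', body).group(1),
            "text": raw.split(b"\0")[0].decode("ascii", "replace"),  # leaked string
            "frames": FRAME.findall(trace),  # symbolised frames only
        })
    return records

def null_blk_fault_leaks(report):
    """Return records whose backtrace contains every SIGNATURE frame."""
    return [r for r in parse(report) if all(f in r["frames"] for f in SIGNATURE)]

if __name__ == "__main__":
    for r in null_blk_fault_leaks(SAMPLE):
        print(r["addr"], r["size"], r["comm"], r["text"])
```

The decoded "text" field recovers the configfs item name from the hex dump, which tells you which fault-injection item the leaked allocation belonged to.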
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel null_blk driver leaks memory by not releasing fault injection configfs items on device removal, leading to potential denial of service.
Vulnerability Overview
The null block device driver (null_blk) in the Linux kernel contains a memory leak when CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled. With fault injection support configured, the driver creates the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. When a nullbX device is removed, the references to these fault-config items are not released, and kmemleak reports a memory leak [1].
Exploitation Prerequisites
An attacker would need the ability to create and remove null_blk devices, which typically requires root privileges or access to the configfs filesystem. By repeatedly creating and removing null_blk devices with fault injection enabled, the memory leak can be amplified. The vulnerability is limited to systems where the kernel is built with CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION=y.
Impact
The memory leak, as detected by kmemleak, results in unreferenced memory objects accumulating over time. While this may not lead to immediate corruption, it can exhaust system memory, potentially causing denial of service (DoS) conditions. The official description includes a kmemleak backtrace showing leaked memory associated with the 'init_hctx_fault_inject' configfs item.
Mitigation
The fix is available in the Linux kernel stable tree as commit 1a3286edf4d48ce37f8982ff3c3b65159a5ecbb2 [1]. System administrators should apply the patch or update to a kernel version containing this commit. No workaround is mentioned, but disabling CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION in the kernel configuration would prevent the vulnerability entirely.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.