High severity7.8NVD Advisory· Published May 27, 2026· Updated May 30, 2026
CVE-2026-45861
CVE-2026-45861
Description
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix slab-use-after-free in qd_put
Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously") started freeing quota data objects during filesystem shutdown instead of putting them back onto the LRU list, but it failed to remove these objects from the LRU list, causing LRU list corruption. This caused use-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access already-freed objects on the LRU list.
Fix this by removing qd objects from the LRU list before freeing them in qd_put().
Initial fix from Deepanshu Kartikey <kartikey406@gmail.com>.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.