CVE-2026-45984
Description
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix use-after-free in iomap inline data write path
The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to dibh->b_data. This causes a use-after-free when iomap_write_end_inline() later attempts to write to the inline data area.
The bug sequence: 1. gfs2_iomap_begin() calls gfs2_meta_inode_buffer() to read inode metadata into dibh 2. Sets iomap->inline_data = dibh->b_data + sizeof(struct gfs2_dinode) 3. Calls release_metapath() which calls brelse(dibh), dropping refcount to 0 4. kswapd reclaims the page (~39ms later in the syzbot report) 5. iomap_write_end_inline() tries to memcpy() to iomap->inline_data 6. KASAN detects use-after-free write to freed memory
Fix by storing dibh in iomap->private and incrementing its refcount with get_bh() in gfs2_iomap_begin(). The buffer is then properly released in gfs2_iomap_end() after the inline write completes, ensuring the page stays alive for the entire iomap operation.
Note: A C reproducer is not available for this issue. The fix is based on analysis of the KASAN report and code review showing the buffer head is freed before use.
[agruenba: Take buffer head reference in gfs2_iomap_begin() to avoid leaks in gfs2_iomap_get() and gfs2_iomap_alloc().]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
142- osv-coords140 versionspkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rvpkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-obs-qa&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 5.14.0-687.17.1.el9_8+ 139 more
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 5.14.0-687.17.1.el9_8
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1.160000.2.16
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1.150700.17.35.4
- (no CPE)range: < 6.12.0-160000.35.1.160000.2.16
- (no CPE)range: < 6.12.0-160000.35.1.160000.2.16
- (no CPE)range: < 6.4.0-47.1.21.24
- (no CPE)range: < 6.4.0-47.1.21.24
- (no CPE)range: < 6.12.0-160000.35.1.160000.2.16
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 1-150700.1.5.2
- (no CPE)range: < 1-150700.15.3.2
- (no CPE)range: < 6.4.0-150700.53.60.2
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.7.59.2
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 6.4.0-47.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.7.59.2
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.4.0-150700.7.59.1
- (no CPE)range: < 6.4.0-150700.53.60.1
- (no CPE)range: < 6.12.0-160000.35.1
- (no CPE)range: < 6.12.0-160000.35.1
Patches
Vulnerability mechanics
References
8- git.kernel.org/stable/c/1403989d1b502f4a2c0d0b42ccf1c25748442effnvdPatch
- git.kernel.org/stable/c/1cae1bafdf9caa9b462b19af06b1a06902e4e142nvdPatch
- git.kernel.org/stable/c/6d76febba07c40bcf358f63216d36ea68cf1c215nvdPatch
- git.kernel.org/stable/c/764c3c84b5683e608f43735c803a5f415046686cnvdPatch
- git.kernel.org/stable/c/815ddd27c0c7171a99fe802fdb19098ddef8b19dnvdPatch
- git.kernel.org/stable/c/87d4954b5c59735a99ea98cb208d47130f6dce7dnvdPatch
- git.kernel.org/stable/c/d87268326b277af3665237ac76a73dd9fa8e21b4nvdPatch
- git.kernel.org/stable/c/faddeb848305e79db89ee0479bb0e33380656321nvdPatch
News mentions
0No linked articles in our index yet.