CVE-2026-23032
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-01-31

Last updated on: 2026-06-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group. However, when the nullbX device is removed, the references taken to these fault-config configfs items are not released. As a result, kmemleak reports a memory leak, for example: unreferenced object 0xc00000021ff25c40 (size 32): comm "mkdir", pid 10665, jiffies 4322121578 hex dump (first 32 bytes): 69 6e 69 74 5f 68 63 74 78 5f 66 61 75 6c 74 5f init_hctx_fault_ 69 6e 6a 65 63 74 00 88 00 00 00 00 00 00 00 00 inject.......... backtrace (crc 1a018c86): __kmalloc_node_track_caller_noprof+0x494/0xbd8 kvasprintf+0x74/0xf4 config_item_set_name+0xf0/0x104 config_group_init_type_name+0x48/0xfc fault_config_init+0x48/0xf0 0xc0080000180559e4 configfs_mkdir+0x304/0x814 vfs_mkdir+0x49c/0x604 do_mkdirat+0x314/0x3d0 sys_mkdir+0xa0/0xd8 system_call_exception+0x1b0/0x4f0 system_call_vectored_common+0x15c/0x2ec Fix this by explicitly releasing the references to the fault-config configfs items when dropping the reference to the top-level nullbX configfs group.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-31
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-01-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23032
EUVD
EUVD-2026-5062
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's null-blk driver when the CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION option is enabled. The driver creates certain fault injection configfs items as children of a top-level nullbX configfs group. However, when the nullbX device is removed, the references to these fault-config configfs items are not properly released, causing a memory leak detected by kmemleak. The issue is fixed by explicitly releasing these references when the top-level nullbX configfs group reference is dropped.

Impact Analysis

The vulnerability can lead to memory leaks in the Linux kernel when the null-blk fault injection feature is used. This could potentially degrade system performance or stability over time due to unreleased memory resources.

Detection Guidance

This vulnerability can be detected by monitoring kmemleak reports for memory leaks related to the null_blk driver fault injection configfs items. Specifically, look for unreferenced objects associated with fault configfs items such as timeout_inject, requeue_inject, and init_hctx_fault_inject under nullbX devices. Commands to check kmemleak logs include: `dmesg | grep kmemleak` or checking the kmemleak debugfs interface with `cat /sys/kernel/debug/kmemleak`.

Mitigation Strategies

Immediate mitigation involves ensuring that the Linux kernel is updated to a version where this vulnerability is fixed, which includes the explicit release of references to fault-config configfs items when nullbX devices are removed. If updating is not immediately possible, avoid enabling CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION or remove nullbX devices carefully to minimize memory leaks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23032. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart