CVE-2026-23145
Unknown
Unknown - Not Provided
Reference Count Leak in Linux Kernel ext4 xattr Handling
Publication date: 2026-02-14
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
The error branch for ext4_xattr_inode_update_ref forget to release the
refcount for iloc.bh. Find this when review code.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 5.10.246 (inc) to 5.10.249 (exc) |
| linux | linux_kernel | From 5.15.195 (inc) to 5.15.199 (exc) |
| linux | linux_kernel | From 5.4.301 (inc) to 5.5 (exc) |
| linux | linux_kernel | From 6.1.157 (inc) to 6.1.162 (exc) |
| linux | linux_kernel | From 6.12.54 (inc) to 6.12.67 (exc) |
| linux | linux_kernel | From 6.17.4 (inc) to 6.18.7 (exc) |
| linux | linux_kernel | From 6.6.113 (inc) to 6.6.122 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's ext4 filesystem. Specifically, there was a bug in the ext4_xattr_inode_update_ref function where an error branch failed to release a reference count for iloc.bh, causing a resource leak.
How can this vulnerability impact me? :
The vulnerability causes a leak of a reference count in the ext4 filesystem code. While the exact impact is not detailed, such leaks can lead to resource exhaustion or instability in the filesystem over time.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70