CVE-2026-31714
Received Received - Intake
Memory Leak in Linux Kernel F2FS Filesystem

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dump (first 16 bytes): 3c af 57 72 5b e6 8f ad 6e 8e fd 33 42 39 03 ff <.Wr[...n..3B9.. backtrace (crc 925f8a80): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4520 [inline] slab_alloc_node mm/slub.c:4844 [inline] __do_kmalloc_node mm/slub.c:5237 [inline] __kmalloc_noprof+0x3bd/0x560 mm/slub.c:5250 kmalloc_noprof include/linux/slab.h:954 [inline] fscrypt_setup_filename+0x15e/0x3b0 fs/crypto/fname.c:364 f2fs_setup_filename+0x52/0xb0 fs/f2fs/dir.c:143 f2fs_rename+0x159/0xca0 fs/f2fs/namei.c:961 f2fs_rename2+0xd5/0xf20 fs/f2fs/namei.c:1308 vfs_rename+0x7ff/0x1250 fs/namei.c:6026 filename_renameat2+0x4f4/0x660 fs/namei.c:6144 __do_sys_renameat2 fs/namei.c:6173 [inline] __se_sys_renameat2 fs/namei.c:6168 [inline] __x64_sys_renameat2+0x59/0x80 fs/namei.c:6168 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is in commit 40b2d55e0452 ("f2fs: fix to create selinux label during whiteout initialization"), we added a call to f2fs_setup_filename() without a matching call to f2fs_free_filename(), fix it.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-05-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-31714
EUVD
EUVD-2026-26523
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel f2fs *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a memory leak in the Linux kernel's f2fs filesystem, specifically in the f2fs_rename() function.

The issue occurs because a call to f2fs_setup_filename() was added without a corresponding call to f2fs_free_filename(), causing allocated memory to not be freed properly.

This was reported by syzbot and involves unreferenced objects remaining in memory, which can lead to increased memory usage over time.


How can this vulnerability impact me? :

The memory leak in the f2fs_rename() function can cause the system to consume more memory than necessary, potentially leading to degraded performance or system instability if the leak is significant or exploited repeatedly.

Over time, this could result in resource exhaustion, affecting the reliability of systems using the f2fs filesystem.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a memory leak in the Linux kernel's f2fs filesystem, specifically in the f2fs_rename() function.

Detection can be done by monitoring kernel logs for memory leak messages similar to the following pattern:

  • Look for kernel BUG messages indicating unreferenced objects with comm "syz.0.23" or similar process names.
  • Use commands like `dmesg | grep -i 'memory leak'` or `journalctl -k | grep -i 'memory leak'` to find relevant kernel log entries.
  • Monitor for messages referencing f2fs_rename or related functions in the backtrace.

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by ensuring that every call to f2fs_setup_filename() is matched with a call to f2fs_free_filename(), preventing the memory leak.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability (commit 40b2d55e0452 or later).
  • If updating immediately is not possible, monitor system logs for memory leaks and consider limiting or avoiding operations that trigger f2fs_rename() until patched.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart