CVE-2026-43065
Analyzed Analyzed - Analysis Complete
Memory Leak in Linux Kernel ext4 Filesystem

Publication date: 2026-05-05

Last updated on: 2026-05-29

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following concern[2]: > If the filesystem is initially mounted with the discard option, > deleting files will populate sbi->s_discard_list and queue > s_discard_work. If it is then remounted with nodiscard, the > EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is > neither cancelled nor flushed. [1] https://lore.kernel.org/r/[email protected]/ [2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev The concern was valid, but it had nothing to do with the patch[1]. One of the problems with Sashiko in its current (early) form is that it will detect pre-existing issues and report it as a problem with the patch that it is reviewing. In practice, it would be hard to hit deliberately (unless you are a malicious syzkaller fuzzer), since it would involve mounting the file system with -o discard, and then deleting a large number of files, remounting the file system with -o nodiscard, and then immediately unmounting the file system before the queued discard work has a change to drain on its own. Fix it because it's a real bug, and to avoid Sashiko from raising this concern when analyzing future patches to mballoc.c.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-29
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43065
EUVD
EUVD-2026-27363
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.131 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.80 (exc)
linux linux_kernel From 5.15 (inc) to 5.15.203 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's ext4 filesystem code, specifically in the handling of queued discard work in the ext4_mb_release() function.

When the filesystem is initially mounted with the discard option, deleting files queues discard work. If the filesystem is then remounted with the nodiscard option, the discard flag is cleared, but any pending discard work is neither cancelled nor processed (drained).

This can lead to queued discard operations remaining unhandled if the filesystem is unmounted immediately after remounting with nodiscard, which is a real bug fixed by this update.

However, triggering this issue deliberately is difficult and would require a specific sequence of mounting with discard, deleting many files, remounting with nodiscard, and unmounting quickly before the discard work drains.

Impact Analysis

The vulnerability could cause queued discard operations to remain unprocessed if the filesystem is remounted with the nodiscard option and then unmounted quickly.

This may lead to delayed or incomplete discard operations, potentially affecting filesystem performance or storage device behavior.

However, exploiting this issue deliberately is difficult and unlikely in typical usage scenarios.

Detection Guidance

This vulnerability involves the ext4 filesystem discard work queue not being properly drained when remounting with the nodiscard option after initially mounting with discard.

Detection would require checking if the filesystem was mounted with the discard option, then remounted with nodiscard, and if there is pending discard work that has not been flushed.

However, the provided information does not include specific commands or tools to detect this condition on a system or network.

Mitigation Strategies

The vulnerability was fixed by ensuring that queued discard work is always drained in the ext4_mb_release() function.

Immediate mitigation would involve updating the Linux kernel to a version that includes this fix.

Additionally, avoid mounting the ext4 filesystem with the discard option and then remounting with nodiscard without allowing the discard work to drain, as this sequence triggers the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43065. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart