CVE-2026-53126
Awaiting Analysis Awaiting Analysis - Queue

Reference Leak in Linux Kernel blk-cgroup

Vulnerability report for CVE-2026-53126, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-14

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current() Add the missing put_disk() on the error path in blkcg_maybe_throttle_current(). When blkcg lookup, blkg lookup, or blkg_tryget() fails, the function jumps to the out label which only calls rcu_read_unlock() but does not release the disk reference acquired by blkcg_schedule_throttle() via get_device(). Since current->throttle_disk is already set to NULL before the lookup, blkcg_exit() cannot release this reference either, causing the disk to never be freed. Restore the reference release that was present as blk_put_queue() in the original code but was inadvertently dropped during the conversion from request_queue to gendisk.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a disk reference leak in the Linux kernel's blk-cgroup subsystem, specifically in the function blkcg_maybe_throttle_current().

When certain lookups (blkcg lookup, blkg lookup, or blkg_tryget()) fail, the function jumps to an error handling label that only unlocks a read-copy-update (RCU) read lock but does not release a disk reference that was previously acquired.

Because the current process's throttle_disk pointer is set to NULL before the lookup, the usual cleanup function blkcg_exit() cannot release this disk reference, causing the disk reference to never be freed.

The fix restores the missing release of this disk reference that was accidentally dropped during code changes converting from request_queue to gendisk.

Impact Analysis

This vulnerability can lead to a resource leak in the Linux kernel where disk references are not properly released.

Over time, this leak could cause increased memory or resource consumption related to disk management, potentially degrading system performance or stability.

In extreme cases, it might contribute to system resource exhaustion, which could affect the availability of disk-related operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53126. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart